App合规性检测综述  被引量：4

作　　者：刘晓建[1] 彭玉坤 LIU Xiaojian;PENG Yukun(College of Computer Science and Technology,Xi’an University of Science and Technology,Xi’an 710054,China)

机构地区：[1]西安科技大学计算机科学与技术学院,西安710054

出　　处：《计算机工程与应用》2023年第3期1-12,共12页Computer Engineering and Applications

基　　金：国家自然科学基金(61702408);陕西省自然科学基金(2017JM6105);教育部产学协同育人项目(西安四叶草信息安全有限公司“软件安全课程建设和教学资源开发”);教育部产学协同育人项目(华为技术有限公司“基于openEuler的操作系统课程资源开发”)。

摘　　要：随着App使用者数量迅速增长,个人信息主体隐私泄露问题也日渐严重。为此,近年来我国相继出台了有关App个人隐私信息安全的相关法律文件,有关部门也相继开展了App整治工作,旨在对App个人信息的采集、存储和处理等方面进行规范。综述了App合规性问题,揭示出我国App安全面临的挑战性问题,列举了我国各层次部门颁布的App相关法规和政策,并介绍了国家在App治理方面推出的相关措施;综述了App合规性检测方法,将国内外App合规性检测分成App隐私政策的完整性检测、一致性检测和可读性检测三类,并从不同维度和切入点对这三类检测方法进行了分析和总结;对国内App合规性检测平台及其相应功能进行了整理和分析;提出了App合规性检测仍存在的挑战性问题,并展望了未来的发展方向。With the rapid growth of the number of App users, the privacy disclosure of personal information subjects has become increasingly serious. Therefore, in recent years, China has successively issued relevant legal documents on App personal privacy information security, and relevant departments have also carried out App rectification work to regulate the collection, storage and processing of App personal information. This paper summarizes the compliance problems of App. Firstly, it reveals the challenging problems of App security in China, lists the relevant regulations and policies of App issued by various levels of departments in China, and introduces the relevant measures launched by the state in App governance. Then, the App compliance detection methods are summarized, and the App compliance detection at home and abroad is divided into three categories:integrity detection, consistency detection and readability detection of App privacy policies. The three detection methods are analyzed and summarized from different dimensions and entry points. Thirdly,sorting out the domestic App compliance detecting platform and corresponding functions. Finally, the challenges that still exist in App compliance detecting are proposed, and the future development direction is prospected.

关 键 词：App合规性检测 隐私政策 完整性 一致性 可读性 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]