Technology

Four mechanisms to control PC-Covid’s use of user-granted permissions


According to a representative of the Department of Information Security (Ministry of Information and Communications), in addition to being evaluated for safety and security during the development process, the PC-Covid application is always strictly controlled for the use of all rights. request to the user.

Concerns and questions related to safety and information security in general, and the requirements and application of PC-Covid epidemic prevention to use the rights granted on devices have been partially removed. . On October 6, the National Center for Covid-19 Prevention and Control (Technology Center) invited experts from Command 86 (Ministry of Defense), A05 (Ministry of Public Security), Department of Information Security. (Ministry of Information and Communications) and Vietnam Information Security Association – VNISA perform independent appraisal and assessment for PC-Covid, this application source code.

Through the assessment, experts have confirmed: Users can rest assured about the safety and security of PC-Covid’s information. All four rights PC-Covid requires people to grant to use are appropriate, serving the prevention of epidemics. PC-Covid does not exploit the user’s location at all, complies with the provisions of the law and absolutely does not exploit the user’s SMS and OTT information.

The PC-Covid epidemic prevention application was posted on the App Store and Google Play app stores, respectively, on September 30 and October 1.

Along with the publication of the results of an independent assessment by a group of experts, at the October 7 seminar on the PC-Covid rights required by users to use, the Technology Center also provided specific information on the mechanism to control the use of permissions by PC-Covid on the phone.

“All rights that PC-Covid need to be granted and used are strictly controlled through 4 mechanisms including: Controlled by the operating system, controlled by the application market, controlled by the application development team itself. application of the Technology Center and the regular supervision and control of the competent authorities”, a representative of the Technology Center said.

Mechanism controlled by the operating system

All permissions that the apps (applications) on the phone need to use must be agreed to by the user. The control operating system will clearly notify the user.

In the operating system’s permissions control mechanism, permissions are often organized and granted into clusters of permissions. For example, permission to use Bluetooth and permission to access location are two permissions that are often tied together in a permission cluster (with Android operating system). Therefore, when the PC-Covid app or any other app uses one of the relevant permissions, the operating system will ask the user if they agree to grant the whole set of permissions?

Similarly, the PC-Covid app only needs photo access to save the QR code – a utility for people during use, but then the operating system will warn users about using both. permissions cluster related to “photos, audios, videos and files”.

Each operating system will have different warning messages, which may briefly state the permissions being requested, or may also specifically warn with an illustration of some possible risks.

In general, all permissions that each app applies for will be clearly announced by the operating system before the user confirms it. These rights are carefully censored by Google and Apple before being released on the App Store and Google Play.

For the PC-Covid epidemic prevention application, users can view the terms of use published by the developer at https://pccovid.gov.vn/dieu-khoan-su-dung.

Mechanism controlled by app marketplaces

During development and posting to app marketplaces, each app is checked before publishing. Especially with applications with tens of millions of users like PC-Covid, Apple and Google strictly and carefully control compliance with rights and use rights policies to ensure users’ personal data. use is not compromised (check every piece of code, every interface, every function).

According to a representative of the Technology Center at the time when PC-Covid was recently approved by Apple and Google to be uploaded to the app stores, both Google and Apple reviewed carefully and browsed for a long time. They ask each line of this code what to do, why use this set of libraries, why the interface mentions this problem but the response message is different.

The expert review teams of Apple and Google spent many nights on the phone directly with the brothers of the National Technology Center to find out more information. “Basically, with applications with tens of millions of users, Google and Apple have very thorough review mechanisms to protect users, it is difficult for a line of code that violates their terms to escape scrutiny.” representative of the Technology Center said.

Mechanism of control through competent authorities

Along with the control mechanism by the application development team of the Technology Center, the PC-Covid application in both development and operation is under the control of competent authorities.

Like other anti-epidemic support technology applications and platforms, right from the time of development, information and data security and safety has been one of the issues that have received special attention.

Therefore, during the development process, the PC-Covid application always has the participation in the control of safety, information security in general, control of rights and the use of rights in particular by competent authorities. authority, including the Information Security Department (Ministry of Information and Communications), Department A05 (Ministry of Public Security), Command 86 (Ministry of Defense), Vietnam Information Security Association – VNISA and a large number of security experts. Vietnam network security.

According to a representative of the Information Security Department, Ministry of Information and Communications, in the coming time, whenever PC-Covid has an updated version, this agency will coordinate with competent authorities to organize a review. evaluate, test and request application developers to overcome the weaknesses and vulnerabilities, if any, of PC-Covid.

Van Anh

New version PC-Covid improves the Covid information card feature, applicable to each province

New version PC-Covid improves the Covid information card feature, applicable to each province

Along with a secure QR code, version 4.0.4 of the PC-Covid epidemic prevention app also has improved the Covid-19 information card feature, allowing it to be applied according to local regulations. The new version has been approved by Apple and Google to put on the app stores.

.

Leave a Reply

Your email address will not be published. Required fields are marked *