App Data Safety Guard Solution

At present, the mobile malicious software is growing rapidly. Mobilemalwareis not only to eavesdrop on user conversation, steal user privateinformation, unauthorized use of paid services and consumption data flowarbitrarily, even endanger the network security.

In fact, it is not only subscriber being disturbed by malicious software, telecommunication suppliers have also been affected, because of the lack of inspection tools, some of malicious software sneak through different ways such as pre-sold mobile phone and phone shop’s app promote system, which means malware spread into market with the help of the telecom enterprises, which leading to suppliers are complained by their customer, also influencing on their corporate brand, and even related to their normal businessexpansion.

In order to stop spreading of malicious software,provide subscriber with more secure, more reliable smartphone and better protected app software services, the application & service evaluation department of ZCTT has put forward a new solution for secure protection of mobile app data. Conforming to related standards of the Ministry of Industry and Information in application security detection, all the solid and perfectapp safety solution is able to help telecom suppliersbuilding their security management system, and forcing to stop malicious softwareinflowingmobile network market,at same time ZCTT safety product could enhance the telecom corporate brand imagecomprehensively.

1. This solution provides telecom suppliers with specialized appsecurity testing devices called“App Data Safety Guard”. The solution established a direct test channel between the phone shop and professionalapp safety inspection organizations.With the depth specialized application security testing capabilities, our target is to provide a mobile application software securityexamining method to the telecom phone shops.

2. Provide application security testingdata from “App Data Safety Guard”, which is deployed by telecom phone shop, and it will meet all the application software security inspectionrequirementsfor the telecom suppliers.


Testing Capability Analysis
ZCTT security protection system is different from traditional virus scanning modes, the solution provides security testing technologies that not only includetraditional code signature scanning technology, and furthermore integrated with the most advanced‘dynamic behavior monitoring technology, network monitoring analysis technology, data detecting analysis technology’, thus our solution is demonstrating our comprehensive testing capabilitiesfor malicious application software.

1. Testing Principle
According to the concept of “Comprehensive monitoring, Significant focusing” which is put forward by the Ministry of Industry and Information for application software security, conduct detection over the following concerning application permission:

Comprehensive Monitoring
Device Information
IMEI IMSI ICCID SIM Card Service Provider Mobile Phone Number Positioning Information
Personal Information File Information
Address Book Call Record SMS Record Access of SD Card Installation of Application List List of Audio and Video System Log
Key Concerns
Unauthorized Sending Personal Information
SMS Sending Network Sending
Sending Behavior Receiving Number SMS Content Device Information Personal Information Location Information
Unauthorized Executing Malicious Program
Unaware Upload Personal Privacy Unaware Ordering Paid Services Unaware Downloading and Installing  Apps

2. Testing Scope
On the definition of a standardfor malicious software behaviormust followthe related regulations which are issued by the Ministry of Industry and Information, such as Monitoring and Disposal Mechanism for Malicious Applications of Mobile Internet, Regulations for Personal Information Protection of Telecom and Internet Users and Notice on Strengthening Access Management of Mobile Intelligent Terminal, ZCTT security protection system provide expert testing method that is not only discovering traditional malicious software behavior, but also could be in accordance withthe latest standards of MIIT. The main purpose of this solution is to find app software implicit malicious behaviors, such as malicious payment, expenses consumption, trap fraud, and broken operation system etc…, furthermore, our solution is focusing on personal privacy disclosure performance

Specific Testing Scopes
a. Collecting or using users’personal information without permission
b. Customizing paid services and consuming users’ telephone fare without permission
c. Downloading other unrelated application software and consuming users’flowwithout permission
d. Promotingother unrelated application software to users by cheating or misleading

3. Specific TestingObjects
a. Application privilege monitoring: Monitoring excessive application or use of authorities that are unrelated to native application functions. Specific monitoring includes excessive application and use of sensitiveprivilege.
b. Advertisement plug-in monitoring: Mainly monitoring the advertisement behaviors of theapplications. Specific monitoring includes embedded advertisementstatistics, malicious advertisement, malicious score wall.
c. Application unawareactions monitoring: Monitoring all kinds of unawareactions in background. Specific monitoring includes reading device information without noticing (IMEI, IMSI, phone number, location information), and unknowing reading privacy information (address book, call record, SMS record).
d. Unauthorizedsending actionsmonitoring: Monitoring everykind of sending actionsin background.Specific monitoring includes unauthorized sending of sensitive information (IMEI, IMSI, phonenumber, location information, address book, call record, SMS record); unauthorized sending of SMS (sending number, sending content).
e. Unauthorized file informationreading: Monitoring all kinds of unawarereading actionsin background. Specific monitoring includes reading application installation list, browser bookmark, audio/video/image information, account number of third-party applications.
f. Network actions monitoring: Monitoring network status in background. Specific monitoring includes network connection time, upload throughput, download throughput, unaware download application software, and unaware app installation.

4. Testing Technology
ZCTT security protection system introducesthe most advancedapplication securitytesting techniques. The system adopts a specialized test terminal which is embedded with real mobile phones as a basic environment for testing. Allapp testingprocesses arecompleted ina real environment(real smartphones, real network), which means all the test results are absolutely accurate.

Combined with the static scanning technology, dynamic monitoring technology and network listening technology, the system is able to monitor behaviors of privacy leakage, and app code layer, system layer, network transmission layer for discovering malicious payment, broken operation systemand maliciousdownload.

a. Static Scanning Technology
Identical to the traditional virus scanning mode, the static feature scanning technology conducts inspection over the application code layer, makes a reverse analysis over the invocation of sensitive behavior motion API and detects malicious risks hidden in applications rapidly with the rapidly filtering technology for feature code. In addition, the technology can discover problems of excessive application for privilege and excessive use of privilege in applications by analyzing the privilege application code of the application.

b. Dynamic Monitoring Technology
The dynamic behavior-monitoring technology emphasizes applications behavior monitoring. The system can monitor all motions and behaviors related to applications comprehensively, including silent motionmonitoring. Silent motion is adopted by most of malicious behaviors and cannot be foundby users, so it has very strong concealment and brought great harm. However, the traditional security test methods for application stores cannot monitor static motion effectively, easily causing misleading.

The solution adopts the dynamic monitoring technology that can realize comprehensive monitoring and real-time interception for the mobile phone system effectively. While listening to all points in the mobile phone operating system in real time, the system can display any motions and behaviors generated by the application. Due to all the silent motionsare monitored and recorded, the malicious behaviors will be founded easily.

c. Network Listening Technology
Network Listening Technology combines with the network packet catching and sensitive word filtering technology in the data transmission layer of mobile phones.Due to adopting real mobile phones as the standard test environment for application test, the network listening technology can capture all of network data generated in mobile phones in real time. With the application of the sensitive word filtering technology, the system can rapidly determine whether sensitive information has been leaked, and finally discover the personal information stealing behaviors hidden in application software.

At present, by security test for application stores, personal information leakage cannot be detected generally. Nevertheless, with the personal information protection regulations issued by the Ministry of Industry and Information, application reviewer should pay more attention to personal information leakage. The traditional code scanning mode, which only focuses on code analysis application behaviors, cannot determine whether information transmission relates to the functions, therefore producing a lot of misdescriptions. However, the solution provided by ZCTT can discover privacy leakage accurately based on the real test environment.

ZCTT security protection system adopts the exclusive detecting technology approved by the Ministry of Industry and Information, that is not only solve incorrect and missed problems in traditional virus scanning mode effectively, but also discover emerging viruses and their variants. Meanwhile, according to the latest application security test standard of the Ministry of Industry and Information, we enlarge detection range and realize the protection of personal information for mobile internet preferably.

This solution provides complete ‘App data safety Guard’for telecom companies. Under the protection of this system, our ideas are introducing green and secure product to solve appsafety testing concern and examining problem for telecom mobile shop apppromotion. Finally through ZCTTapp security system, telecom suppliers will provide high-quality and safety app software to their customs and improve customer satisfaction. Meanwhile all our effort will bring a good business to China telecom suppliers and help them to build their security brand image.

Carrers |Legal |Locations | Site Map | VPN Login
Copyright © 2017 by ZCTT,
All rights reserved Reproduction in whole or in part without permission is prohibited ICP 15026937
User ID:
Forgot Password
User ID:
E-mail: Get Code
Verify Code :
Forgot Password
News Password:
Confirm Password:
User Service Provisions of ZCTT
Service Provisions for Technical Support Website of ZCTT:
©2003-2014 ZCTT All Rights Reserved

1、Access Rules and Conditions

The following rules apply to all users or browsers who access the website, Beijing Zhongchuang ZhongChuang Telecom Test Co., Ltd (ZCTT) reserves the right to modify these rules at any time. The right to access the website is granted by ZCTT according to the following articlesprovisions. If you disagree with any of the following articleprovisions, please stop using this URL. For behaviors that violate these rules, ZCTT has the right to adopt legal and fair remedial measures.

The material and information at this website include, but are not limited to, text, picture, data, viewpoint, proposal and webpage. A, although ZCTT is dedicated to providing accurate material and information on websites, the company does not guarantee the accuracy, completeness, sufficiency and reliability of these materials and their content, and clearly declares, neither to assume any responsibility for the error or omission of these materials and their content, nor to make any express or implied guarantee for them, including but not limited to the guarantee for ownership, quality and not to infringe upon rights of any third party and have computer virus.

Without any notice or hint, ZCTT can modify the content at the website at any time, to get the information of the latest version, please access the website regularly.

Products or services that are mentioned at the website and dowhich not belong to ZCTT are only for the sake of providing related information, and should not constitute the recognition or recommendation for these products and services.

ZCTT does not make any declaration, guarantee or recognition for any product, service or information provided at the website, all of products and services that are sold should be subject to the sales contract and related provisions of the company.

3、Declaration of Copyright

All of materials or information at this website are protected by copyright laws, all of copyrights are owned by ZCTT, except content that gives clear indication of referring to other parties. Without prior written consent of ZCTT or other obligees parties, anyone should not copy, distribute, reproduce, play any content at the website in any manner, or connect or transmit it in hyperlink, load it onto other servers with the method of images, store it in the information retrieval system or for any commercial purpose, except the one that is used for non-commercial purpose or downloading or printing for personal use (the precondition is modification is not supported no change for any contents, and instructions of copyright and other ownerships in the material should be retained).

If you send communication or material to the website in email or other formsmeans, all of communication content is deemed to have the nature of non-confidential and non-copyright, unless you have indicated. Without any need to ask for your opinions, ZCTT can use any content, opinion, specialized knowledge or technology in the communication content you send to the website randomly for any purpose, without any fee. In addition, you agree and understand ZCTT has no obligation to adopt any idea or material, and also you have no right to force to adopt it.

If you publish information or add comment at the website, you grant the right to edit, copy, propagate its content and make derivation, and to use any form of the website or media publish. In addition, you should assume full liability for all of your behaviors at the website. Below is partial, but not full, illegal behaviors that cause to lose the access right for the website:
1)Publish illegal, obscene or libelous content
2)Harass, threaten, hamper or interfere other users by any of harmful means
3)Spread Propagate or help publish libelous, harmful, threatened, harassing, insulting, infringing, vulgar, obscene, slandering or repulsive content or content of racial discrimination
4)Use vulgar or abusive language
5)Personate Counterfeit the name of another person
6)Try to get the password of another user
7)Publish any advertising or promotion content
8)Upload virus or other harmful content
9)Hamper or attempt to hamper the operation of the website
ZCTT reserves the right to clear content at any time, including but not limited to the content that violates these standards. The company assumes no responsibility for any repulsive content you may encounter in the use of the website.
If any communication, material, information or added comment which you send or publish, use unauthorized content, including but not limited to, the rights of others, undocumented technology without agreement of obligees, you should assume full liability for it.

All of trademarks and logos used and displayed at the this website are owned by ZCTT, except trademarks, logos or firms names that give clear indication of belonging to other parties. Without written consent of ZCTT or other parties, Any any contents at the website of ZCTT should not be deemed as the recognition or right for authorizing to use any of the above-mentioned trademark or logo in implied, unopposed or other form without written consent of ZCTT or other parties. Without prior written consent, anyone should not use the name, trademark or logo of ZCTT in any means.

5、Provided Products or Services

Because of the internationalism or limitlessboundarilessness of Internet, information provided by the website also has the nature of internationalism. T,therefore, not all of products or services mentioned at the website are delivered in your country or region, please contact the local sales representative or agent to know about products or services provided in your country or region.

6、Third-party Link

The website may retain links pointing to the third-party website or URL, and users should make their own decisions to access these links. ZCTT does not make any guarantee for the accuracy, completeness, sufficiency and reliability of any information, data, viewpoint, picture, statement or proposal provided by these links. ZCTT provides these links only for the sake of convenience, but does not represent the recognition and recommendation for the information and use for publicity or advertising purposes.

7、Protection of Personal Information

ZCTT fully respects your right of privacy and spares no effort to protect your personal information. Normally, you do not need to provide any personal information to visit the website of ZCTT. For a particular purpose, if you provide your name, gender sex, kind of certificate and certificate number, date of birth, country, email box, telephone, contact address and postal code that are needed for registering or subscribing to electronic information, or services or preferred information, customer code and other similar personal information you expect, that are needed for registering or subscribing to electronic information in the means of filling out voluntarily, it is deemed that you have already understood and accepted the usage of your personal information, and permitted ZCTT to use your personal information for realizing the particular purpose.

ZCTT promises that your personal information should not be sold at any time or in any case, ZCTT uses information obtained according to the provision only within the scope permitted by law. However, ZCTT may provide the legal or government department with some of your personal information according to their demands; or, publicize some of personal information to a bare minimum when ZCTT has reasons to believe that it is necessary to do this way to protect the company, customer or public, you should predict and agree with the occurrence of the case when you provide your personal information.

8、Applicable Laws and Right of Jurisdiction

If you access this website and use facilities and (or) services via the URL, it is deemed that you agree that the access, implementation and (or) offering of services should be subject to laws of People’s Republic of China, and you agree to be governed by courts of People’s Republic of China, in ZCTT location.
Message Board
User Name:
Phone number:
Please choose consulting intention
Product information & Technical questions After-sale services Partnering with ZCTT