Mobile-internet developments have made smart devices the most popular way to go online, writes Herman Kannenberg, Head of Legal Affairs and Cyber Security, Huawei South Africa. These devices store a wealth of user data with an increasing number of apps installed from uncontrolled sources, but also raise security risks.
This has drawn increasing scrutiny around user privacy and information protection. Huawei takes the security of smart devices extremely seriously. We do everything we can to protect user privacy and ensure data security as we work to provide a premium user experience.
Consumer Business Group
Huawei’s Consumer Business Group (BG) is committed to building a brand that is trusted by global consumers in terms of privacy protection. We strictly comply with the Generally Accepted Privacy Principles (GAPP), the EU’s General Data Protection Regulations (GDPR), and all other applicable laws and regulations in the countries where we operate.
We believe that privacy is our customers’ basic right, and that they should have full knowledge and control of what is done with their personal information. Achieving this goal is part of everything we do.
Guided by the idea of “Privacy Under Your Control”, our Consumer BG adheres to four basic principles – transparency, user benefits, security, and legal compliance – and incorporates Privacy by Design throughout our business.
Protecting user privacy requires advanced technologies. We leverage leading security technologies to protect user data and to incorporate privacy protection principles starting from the product design stage. These principles continue throughout the entire product development process to fully protect user data.
Operating system
Huawei has also built a Trusted Execution Environment Operating System (TEE OS) that supports hardware isolation. This OS ensures sensitive user data such as fingerprints, facial biometrics and lock screen passwords are all encrypted, verified, and stored in the TEE to prevent privacy leaks.
The TEE OS’s microkernel obtained the CC EAL5+ certification, the highest for a commercial OS and uses the formal verification method. Compared with traditional verification methods, formal verification starts from code and uses mathematical methods for verification. It then analyses each possible execution of that code, which eliminates system vulnerabilities from the source to enhance systemic security.
The key features of the Emotion User Interface (EMUI) – Huawei over-the-air (HOTA), Celia, and Hiview – received the EU’s ePrivacyseal, making Huawei the first mobile phone manufacturer to receive this certification.
Mobile Services
In the Huawei Mobile Services (HMS) domain, we have established a complete system for managing personal data protection, and we are the global leader in terms of personal data security management, transparency, and privacy compliance.
For example, the AppGallery manages the security of apps with a unique four-layer system – malicious behaviour detection, security vulnerability scanning, privacy leak checks, and manual real-name reviews. This system ensures that only secure apps are available for download from the AppGallery.
Huawei Mobile Cloud encrypts the data transmitted in device-cloud channels and the data it stores to protect user data from end to end.
Last year, HMS became one of the first recipients of the ISO/IEC 27701 privacy protection system certification issued by the British Standards Institute (BSI), an authoritative international standards organisation.
We are proud of these certifications by world-leading organisations, as confirmation of our ability to protect user privacy and manage information security. They motivate us to continue placing customer security at the heart of what we do.