HUAWEI Mobile Services (HMS) Security Technical White Paper Issue V1.0 Date 2020-05-19 Huawei Device Co., Ltd. Secure and Trustworthy HUAWEI Mobile Services (HMS) Huawei Device Co., Ltd. Address: No.2 of Xincheng Road, Songshan Lake Zone, Dongguan, Guangdong, P.R. China Website: https://consumer.huawei.com/en/ PSIRT Email: [email protected] Fax: +86-0769-23839866 Issue V1.0 (2020-03-31) Copyright © Huawei Device Co., Ltd. i HUAWEI Mobile Services (HMS) Security Technical White Paper Contents Contents 1 Introduction ..................................................................................................................... 1 Security & Privacy Protection Are Huawei's Top Priorities ................................................................................ 2 2 Chip-based Hardware and OS Security ........................................................................ 4 Security Chip Integrated into the Kirin Processor .............................................................................................. 4 Sensitive Personal Data Processed in Secure Encrypted Zones...................................................................... 5 EMUI Security Hardening & Enforced Management ......................................................................................... 6 3 Secure Service Access ................................................................................................... 7 Password Complexity ........................................................................................................................................ 7 Image Verification Code..................................................................................................................................... 7 Account Protection and Multi-factor Authentication ........................................................................................... 8 Risky Operation Notification .............................................................................................................................. 8 Heuristic Security Authentication ....................................................................................................................... 8 Accounts for Children ........................................................................................................................................ 8 Account Anti-Fraud ............................................................................................................................................ 8 Account Privacy Protection ................................................................................................................................ 9 4 Encryption and Data Protection .................................................................................. 10 Data Security Empowered by EMUI ................................................................................................................ 10 Encryption Key Management and Distribution ................................................................................................ 10 Certification and Digital Signature .................................................................................................................... 11 Trusted Identity Authentication and Integrity Protection .................................................................................. 12 TCIS ................................................................................................................................................................. 13 5 Network Security........................................................................................................... 14 Secure Transmission Channel ......................................................................................................................... 14 Cloud Network Border Protection .................................................................................................................... 14 VPN-based Fine-grained Security Protection .................................................................................................. 15 Host and Virtualization Container Protection ................................................................................................... 16 Multi-layer Intrusion Prevention ....................................................................................................................... 16 Zero Trust Architecture .................................................................................................................................... 17 Vulnerability Management ............................................................................................................................... 17 Operation Audit ................................................................................................................................................ 17 6 Service Security ............................................................................................................ 19 Issue V1.0 (2020-03-31) Copyright © Huawei Device Co., Ltd. ii HUAWEI Mobile Services (HMS) Security Technical White Paper Contents HUAWEI Mobile Cloud .................................................................................................................................... 19 HUAWEI SkyTone ............................................................................................................................................ 20 Find My Phone ................................................................................................................................................. 21 HUAWEI Browser ............................................................................................................................................ 21 HUAWEI Wallet/Huawei Pay ........................................................................................................................... 22 Service Anti-Fraud ........................................................................................................................................... 24 7 AppGallery and App Security....................................................................................... 25 Overview of AppGallery and App Security ....................................................................................................... 25 Developer Identity Verification ......................................................................................................................... 25 Four-Layer Malicious App Detection System................................................................................................... 26 Download and Installation Assurance .............................................................................................................. 27 Runtime Defense Mechanism ......................................................................................................................... 28 Age Rating of Apps .......................................................................................................................................... 29 Security of Quick Apps ..................................................................................................................................... 29 Software Green Alliance .................................................................................................................................. 29 Open Security Cloud Test ................................................................................................................................ 30 8 HMS Core (Developer Kits) .......................................................................................... 32 HMS Core Framework ..................................................................................................................................... 32 Authentication Credentials ........................................................................................................................... 33 Service DR ................................................................................................................................................... 33 Account Kit ....................................................................................................................................................... 34 Authorized Developer Login ........................................................................................................................ 34 Anti-fraud ..................................................................................................................................................... 34 Push Kit............................................................................................................................................................ 34 Identity Authentication .................................................................................................................................. 35 Push Message Protection ............................................................................................................................ 35 Secure Transmission of Push Messages..................................................................................................... 35 In-App Purchases (IAP) ................................................................................................................................... 35 Merchant and Transaction Service Authentication .....................................................................................