Security Description

Huawei provides self-developed binary files, open-source patch files, and script files of the Kunpeng BoostKit for ARM Native. The open-source patch files and script files are for reference only, and no commercial commitment is made. In addition, customers or independent software vendors (ISVs) are responsible for the development and maintenance of other components involved in the solution, such as the OS on the host side, Docker, and Android OS.

To ensure that the Kunpeng BoostKit for ARM Native runs reliably and securely in commercial scenarios, customers or ISVs are strongly advised to configure proper permission policies, secure transfer mechanisms, and privacy statements when using it, to install the latest security patches, and to take any necessary security hardening measures for the open-source software involved.

Permission Management

The cloud phone management system is not within the delivery scope of the solution. In commercial scenarios, the following permission management mechanisms are recommended:

  1. Separate permissions so that each user is allocated only the permissions they need, and develop a comprehensive user management mechanism. This prevents administrator or operator accounts of the cloud phone management system from being forged. In addition, key system operations must be logged for audits.
  2. The cloud phone server should authenticate the instructions sent by the management system and limit the number of connections from users who have not been authenticated or have failed authentication. Identity authentication prevents unauthorized users from initiating malicious operations and DoS attacks.

Secure Transfer

  1. To prevent information leakage, use a secure communication protocol for communication between the cloud phone management system and the cloud phone server.
  2. When authorized users connect to cloud phones through the Android Debug Bridge (ADB), it is recommended that customers or ISVs provide the SSH certificate for the connection and record key user operations on the server to prevent repudiation.

Privacy Statement

  1. Emulated data can be configured for the Global Positioning System (GPS), international mobile equipment identity (IMEI), acceleration sensor, and gyroscope sensor. This function is generally used only in app hosting test scenarios. It is recommended that customers set non-real emulated data to prevent the leakage of real personal data.
  2. When users install apps and games in the cloud phone system, guide them to mainstream app marketplaces or stores. Take measures to prevent unauthorized access to user data and malicious operations such as eavesdropping.

Secure OS Update

  1. When using Ubuntu or openEuler, keep track of the latest security updates. Applying them in a timely manner prevents the OS from being affected by vulnerabilities or attacked by malicious software. In addition, security updates ensure the proper running of the Android container on the OS.
  2. Periodically check whether security updates are available in the OS. If yes, install the updates in a timely manner. For details, see the description on the corresponding official website. The query command varies with the OS.
    • Ubuntu
      apt list --upgradable
    • openEuler
      yum updateinfo list available
  3. In addition to installing the latest security patches, you also need to harden the server OS, for example, by configuring strong passwords and disabling unnecessary service ports. For details, see the description on the corresponding official website.
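
The periodic check in step 2 can be scripted so that one command works on either OS. The following is an added example, not part of the Kunpeng BoostKit documentation or deliverables: it selects the query command from /etc/os-release and keeps only the security entries. The function names, the script name, and the sample output are constructed, and the apt and yum output formats it parses are assumptions to verify on the target host.

```shell
#!/bin/sh
# Added example (not from the BoostKit documentation). The output formats
# handled here are assumptions based on stock apt and yum/dnf behaviour.

# Print the ID field of an os-release file (default: /etc/os-release).
os_id() {
    ( . "${1:-/etc/os-release}" && printf '%s\n' "$ID" )
}

# stdin: `apt list --upgradable` output. Prints packages whose upgrade comes
# from a "-security" pocket (for example jammy-security).
apt_security() {
    awk '$1 ~ /\/.*-security/ { split($1, a, "/"); print a[1] }'
}

# stdin: `yum updateinfo list available` output. Prints packages whose
# advisory type column ends in "Sec." (for example Important/Sec.).
yum_security() {
    awk '$2 ~ /Sec\.$/ { print $3 }'
}

# Run the query command that matches the host OS and keep security entries.
pending_security_updates() {
    case "$(os_id "${1:-/etc/os-release}" | tr 'A-Z' 'a-z')" in
        ubuntu)    apt list --upgradable 2>/dev/null | apt_security ;;
        openeuler) yum updateinfo list available 2>/dev/null | yum_security ;;
        *)         echo "unsupported OS" >&2; return 2 ;;
    esac
}

# Constructed sample output, so the filters can be tried without a live host.
demo() {
    printf '%s\n' 'Listing... Done' \
        'openssl/jammy-updates,jammy-security 3.0.2-0ubuntu1.15 arm64 [upgradable from: 3.0.2-0ubuntu1.14]' \
        'vim/jammy-updates 2:8.2.3995-1ubuntu2.16 arm64 [upgradable from: 2:8.2.3995-1ubuntu2.15]' |
        apt_security
    printf '%s\n' 'EXAMPLE-SA-0001 Important/Sec. openssl-1.1.1m-1.aarch64' \
        'EXAMPLE-BA-0002 bugfix vim-9.0-1.aarch64' |
        yum_security
}

# Usage: sh check-updates.sh --run   (exit status 1 if anything is pending)
if [ "${1:-}" = "--run" ]; then
    pending=$(pending_security_updates) || exit 2
    [ -z "$pending" ] || { printf '%s\n' "$pending"; exit 1; }
fi
```

Run from a scheduled job, the non-zero exit status when security updates are pending can feed an existing alerting or audit pipeline.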

Android Security Updates

  1. The Android ecosystem is supported by Google. The ecosystem provides not only system updates that improve functionality and stability, but also security updates that ensure device security. Security update patches are mainly provided by the Android Open Source Project (AOSP), the upstream Linux kernel, and system on a chip (SoC) manufacturers to ensure that Android devices are not affected by the latest security vulnerabilities of hardware and software. Google periodically pushes security updates to devices and releases security update notices.
  2. Use the source code provided by the AOSP and the patch links provided in security update notices to perform security updates in a timely manner based on the site requirements to ensure the proper running of the Kunpeng BoostKit for ARM Native.

Periodically update and harden the open-source software involved in the solution. For details, see the official documents of the open source software.