Securities code: Shenzhen Guohua Network Security Technology Co.Ltd(000004) Securities abbreviation: Shenzhen Guohua Network Security Technology Co.Ltd(000004) Announcement No.: 2022010 Shenzhen Guohua Network Security Technology Co.Ltd(000004) 2021 annual report summary I. important note: the summary of this annual report is from the full text of the annual report. In order to fully understand the company’s operating results, financial status and future development plan, investors should carefully read the full text of the annual report in the media designated by the CSRC. Tips on non-standard audit opinions √ applicable □ not applicable. Grant Thornton Certified Public Accountants (special general partnership) issued an audit report with qualified opinions on the company’s financial statements in 2021. The board of directors and the board of supervisors of the company have made detailed explanations on relevant matters, which should be read by investors. The profit distribution plan of common stock or the plan of converting accumulation fund into share capital in the reporting period reviewed by the board of directors □ applicable √ not applicable. The company plans not to distribute cash dividends, bonus shares or convert accumulation fund into share capital. Preferred stock profit distribution plan for the reporting period adopted by the board of directors □ applicable √ not applicable II. Basic information of the company 1. Company profile
Stock abbreviation Shenzhen Guohua Network Security Technology Co.Ltd(000004) stock code Shenzhen Guohua Network Security Technology Co.Ltd(000004)
Shenzhen Stock Exchange
Contact person and contact information secretary of the board of directors securities affairs representative
Name: Liang Xin, Ruan Xuli
Office address: Zhuoyue Meilin center square, Meilin Road, Futian District, Shenzhen Zhuoyue Meilin center square, Meilin Road, Futian District, Shenzhen
2206, block B (South District)
Fax (0755) 83521727 (0755) 83521727
Tel: (0755) 83521596 (0755) 83521596
E-mail liangxin@sz Shenzhen Guohua Network Security Technology Co.Ltd(000004) .cn. [email protected].
2. Introduction to main business or products during the reporting period
During the reporting period, the company was mainly engaged in mobile application security services. With the rise of digital economy and the vigorous development of Internet applications, the company, as a professional comprehensive service provider of mobile application security, continues to work intensively in the field of mobile application security, actively build a mobile application security ecosystem around the company’s core competitiveness, and build products, services and solutions covering the whole life cycle of mobile application development, testing, release and operation. From the perspective of multi-dimensional laws and regulations of the company and application lines, closely match the security demands of users and users in the field of mobile industry, security and application lines, and closely match the security demands of users and users in the field of mobile industry. Combined with the company’s long-term development plan, the company has made hierarchical classification of products based on business. For customers with basic needs for mobile application security, the company mainly provides basic tool products and services such as security reinforcement and security detection; For mobile application users with in-depth security needs, the company mainly provides products and services such as security consulting, security management and in-depth security services; For industry users who need to pay long-term attention to mobile application security, the company mainly provides platform level products and services such as mobile application security big data supervision and compliance evaluation. At present, the company’s mobile application customers have covered finance, operators, government, e-commerce, energy, education, health care, Internet enterprises, games and other industries.
1. Basic tool products and services
The company provides mobile application security basic protection tool products for mobile application development and users, mainly including security protection and security detection tools and security kits. Through tool products, users can solve mobile security codes and main security risks in the process of use at one time.
① Security protection: Android DEX reinforcement technology, so reinforcement technology, SDK reinforcement technology, input and output information protection technology, key white box technology, C / C + + / OC / swift source code confusion protection technology, java2cpp protection technology and Solink technology are comprehensively adopted to provide users with comprehensive mobile application reinforcement and attack prevention tools and security suite through the leading eighth generation all in VMP reinforcement technology. Security protection products include Android application reinforcement, IOS application reinforcement, Hongmeng application reinforcement, so reinforcement, SDK reinforcement, H5 reinforcement, wechat applet reinforcement, secure soft keyboard SDK, secure clearing SDK, communication protocol encryption SDK, key white box SDK, etc; Realize all-round comprehensive protection of mobile application assets (APP / H5 / Applet / so / SDK).
② Security detection: adopt static detection, dynamic detection, personal information detection, content detection and other technologies to comprehensively detect security vulnerabilities, coding defects, personal information security and other problems in mobile applications, avoid security accidents caused by security vulnerabilities in advance, prevent security risks in time, issue professional security detection reports, and give detailed solutions to the problems found. The mobile application security detection platform includes Android application detection, IOS application detection, SDK detection, personal information security detection, wechat official account detection, wechat applet detection, content detection, industrial app detection, firmware detection, etc. Among them, the personal information security detection product is the key product system, which is developed in close combination with the regulatory requirements and the business needs of the enterprise; Relevant standards include: network security law of the people’s Republic of China, personal information protection law (Draft), GB / T 352732020 personal information security specification for information security technology, basic specification for information security technology mobile Internet application (APP) to collect personal information (Exposure Draft), self-assessment guide for mobile Internet application (app) to collect and use personal information Network Security Standard Practice Guide – Mobile Internet application (APP) personal information protection common problems and disposal guide, mobile Internet application (APP) system permission Application guide, APP illegal collection and use of personal information self-assessment guide, APP application for Android system permission mechanism analysis and suggestions, APP illegal collection and use of personal information behavior identification method Provisions on the scope of necessary personal information for common types of mobile Internet applications, notice on carrying out special rectification of APP infringement on users’ rights and interests (mixin Guan Han [2019] No. 337), notice on carrying out special rectification actions to promote app infringement on users’ rights and interests in depth (mixin Guan Han [2020] No. 164), measures for exit security assessment of personal information (Draft for comments) Regulations on network protection of children’s personal information.
2. Mobile application security industry products and services
In order to meet the use needs of mobile applications of industry users, the company provides in-depth mobile application security solutions closer to industry applications on mobile application tool products, focusing on solving the systematic mobile security management problems that industry users need to solve in the stages of mobile application development, testing, release and operation.
① Security management: with enterprise mobile business security as the core, it provides security management capabilities from the whole life cycle of planning, design, development, testing, online and operation for business scenarios such as regulatory compliance, security construction and risk control, so as to meet the systematic construction needs of enterprises in mobile security. Security management products include mobile application security comprehensive training platform, security development life cycle management platform and mobile application filing platform; Based on the core requirements of enterprise users’ unified management of security business tools, application and business all-round risk perception and security maintenance, the platform independently designs and develops mobile security platform products on the basis of mobile security encryption products, integrates and manages single product scheme and business operation data, and solves the problems existing in enterprise user data management, intelligent terminal application supervision management and enterprise security tool management.
② Business operation: infobeat intelligent data platform provides enterprises with business operation analysis and data application capabilities based on mobile applications through comprehensive data collection, rich operation analysis models and convenient data application technology, so as to help enterprises realize continuous intelligent operation.
③ Threat awareness: the mobile threat situational awareness platform can collect real-time data of mobile applications, collect security information during the use of applications, and conduct situation awareness, real-time response and post tracking of security events through big data technology, so as to help enterprise security managers master the overall security situation of mobile services. The mobile threat situation awareness platform has the ability to continuously monitor the security of mobile application products, and can find all kinds of attack threats, abnormal behavior, environmental risks, etc. in time; It has the ability of threat investigation, analysis and visualization, can quickly distinguish the impact scope, attack path, purpose and means related to the threat, and make effective security decision-making and response; It can establish a security early warning mechanism and generate threat risk reports to help security managers grasp the overall security situation of mobile application products in time.
④ Security services: provide customers with one-stop mobile security services covering the whole life cycle of mobile business planning, design, development, implementation, detection, compliance and monitoring, assist customers to establish information security management system, meet security compliance requirements, and comprehensively protect the security of customers’ mobile business through personal information detection services, source code audit, penetration test, compliance evaluation, equal assurance consultation and security training, Ensure the security and compliance of mobile services. Security service products include personal information security detection service, source code audit service, penetration test service, compliance evaluation service, security training service, re insurance service, mobile application security customization service, information security management system consulting service and information security level protection consulting service. As the focus of security service business during the reporting period, personal information detection service closely followed the regulatory requirements and market demand, and significantly improved the service capacity and service business of personal information security detection. See relevant standards in Item 2 for relevant implementation standards.
3. Regulatory platforms and services
With the continuous attention of the state on the safe operation of the Internet, the state and relevant industry executives have intensively issued relevant standards, management specifications and guidance. Mobile application operators need to meet relevant regulations to ensure the safe, stable and compliant operation of mobile Internet applications. Relying on the accumulation of the ability to release and track the use status of mobile application channels over the years, the company provides mobile application operation security status monitoring services for regulatory authorities, large industry users and end users through the mobile application big data platform, and actively responds to the dynamic security problems of mobile applications caused by rapid technological iteration, scattered applications and large users.
① Mobile application big data monitoring platform: for Internet mobile applications, according to the regulatory requirements of national / industrial regulatory authorities, comprehensively utilize big data, mobile application security detection, identity authentication and other technologies to provide active, continuous and dynamic risk business identification, detection and analysis for various types of Internet mobile applications. The platform effectively integrates the company’s basic security protection and detection capabilities of mobile applications through the call of capability engine, presents the safe operation status and level of mobile applications qualitatively and quantitatively through the built-in security assessment model, matches various mobile application software codes and applications with the security baseline in the mode of “product + service”, and realizes the risk control closed-loop control of early identification, early warning and early disposal of mobile application risks, Achieve the goal of improving the service quality of mobile applications. The platform can push relevant mobile application security monitoring data in various forms of information release for enterprise users and end users according to the needs of industry users.
② Advanced human services for mobile application security: comply with the network security law, data security law and personal information protection law, in accordance with the code for personal information security of information security technology (GB / T 352732020), the guide for personal information de identification of information security technology (GB / T 379642019) National standards such as information security technology, mobile intelligent terminal security technical requirements and test and evaluation methods (GB / t397202020) provide advanced security services of mobile application security compatibility test, manual penetration and compliance for high-end users in the industry. Compatibility test includes compatibility (installation, startup, operation, uninstall success rate and failure rate), performance (installation, startup time, memory occupation, CPU occupation, traffic consumption) and business function correctness test for the original package and reinforcement package of mobile application. Manual penetration is aimed at Android and IOS mobile applications. From the perspective of hacker thinking and debugging, professional software engineers conduct static and dynamic manual analysis on the program security, data security, business logic security, system environment security and other contents of mobile applications in many aspects, so as to obtain the potential safety hazards in application installation and unloading process, user data input, storage and processing, network transmission and system environment. Compliance testing is a compliance evaluation service for the illegal collection and use of personal information by app, focusing on solving the information security problems concerned by users such as the illegal collection and use of personal information by app and excessive claims, avoiding the serious consequences such as marketing push, advertising harassment and even precision fraud, fully safeguarding the rights and interests of users and property security, deeply promoting the compliant and safe use of app with practical actions, and establishing a good corporate image, Create a good business environment. In addition, the company actively develops emergency industry and smart city business. In terms of emergency industry, the company participated in the construction of emergency command center, safety risk assessment of safety development demonstration city construction, campus fire upgrading and other projects during the reporting period; In terms of smart city, the company participated in the implementation of smart campus related projects. The company’s emergency industry and smart city business are at the initial stage, but the development space is broad and will be the key field of the company’s future development. 3. Main accounting data and
