GeeTest Device Fingerprinting Compliance Guide
In accordance with the Personal Information Protection Law, the Data Security Law, the Cybersecurity Law, and other applicable laws, regulations, and regulatory requirements, application developers and operators ("Developers") must respect and protect the personal information of end users when providing network products and services. Developers shall not illegally collect or use personal information, and must ensure that processing activities are based on end-user authorization and consent. Developers are required to follow the principle of data minimization and adopt effective technical and organizational measures to ensure the security of personal information.
To support Developers in meeting user data protection requirements when using GeeTest Device Fingerprinting, and to avoid potential risks of infringing upon end-user rights, this Compliance Guide is provided as a reference for Developers to conduct self-assessments and configure the service appropriately, with the goal of continuously improving personal information protection practices.
GeeTest Device Fingerprinting Configuration Capabilities
1. Integration / Upgrade to the Latest SDK Version in Compliance with Regulatory Requirements
We place great importance on SDK functionality optimization, personal information security, and protection. To ensure compliance with the latest regulatory and industry requirements, the SDK is continuously updated and iterated to enhance product security and stability.
We strongly recommend that Developers integrate the latest SDK version in order to access the latest features and avoid adverse consequences resulting from delayed updates (e.g., app removal from app stores due to non-compliance).
Upon each SDK release, update details are published in the [Documentation Center] on the official website. Developers may also log into the user console to obtain the latest SDK version.
2. Configuration of SDK Extended Business Functions
Regulatory Requirement: The SDK Compliance Usage Guidelines must describe all extended business functions provided by the SDK, and explain how Developers can disable them, including configuration examples.
Integration Notes:
The extended business functions provided by the GeeTest Device Fingerprinting SDK include:
- Usage statistics of Device Fingerprinting APIs
- Exception detection of Device Fingerprinting APIs
- Ensuring product and/or service compatibility across different devices
- Attribution analysis for Device Fingerprinting failures
The Device Fingerprinting product is a non-UI solution, which means that neither you nor your end users can directly perceive whether the above extended business functions are enabled or disabled. The invocation of the Device Fingerprinting service is determined by the timing of your integration and use. If you and/or your end users exit the application or terminate subsequent processes in scenarios where the Device Fingerprinting service is applied, developers are required to comply with applicable laws and regulations by providing end users with a clear and accessible option within the App to opt out of the above extended business functions. Developers must also ensure that, once an end user chooses to exercise the opt-out option, the core Device Fingerprinting capability interfaces continue to operate properly without being affected.
iOS Configuration Documentation: https://docs.geetest.com/g5/Integration/IOS
Android Configuration Documentation: https://docs.geetest.com/g5/Integration/Android
3. Configuration of Optional Personal Information in the SDK
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly describe each category of optional personal information collected by the SDK, its purpose, applicable scenarios, and how Developers can disable such collection, with configuration examples.
Integration Notes: GeeTest CAPTCHA v3 currently does not provide any personal information collection items that users can choose to provide or withhold. In line with the principle of data minimization, only the personal information strictly necessary for functionality is collected. Should any optional personal information collection configurations be introduced in the future, Developers will be promptly notified.
4. Configuration of Data Collection Frequency and Granularity
Regulatory Requirement: If the SDK allows personal information to be collected at different frequencies or levels of granularity, the SDK Compliance Usage Guidelines must explain the purposes and scenarios for such collection, as well as provide configuration instructions and examples.
Integration Notes:
- Collection Frequency: Data collection by GeeTest Device Fingerprinting occurs only when the app invokes related functions or when triggered by end-user interactions. The SDK does not perform background or scheduled collection, and no configurable frequency controls are involved.
- Collection Granularity: GeeTest Device Fingerprinting does not support collection of personal information at varying levels of precision.
Summary of GeeTest Device Fingerprinting Data Collection Frequency and Configuration:
Device Information
Personal Information Type | Configurable | Purpose and Use | Frequency | Platform |
---|---|---|---|---|
Device Model | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS / Mini Program |
Device Brand | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS / Mini Program |
System Platform | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS / Mini Program |
System Version | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS / Mini Program |
System Language | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
Screen Height | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / Mini Program |
Screen Width | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / Mini Program |
Device Type | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
Memory Size | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
Device Name | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
Carrier Name | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
System Properties | Not configurable | Supports business and security strategies | Passively collected on each call | Android / iOS |
OAID | User configurable | Supports security capabilities | Passively collected on each call | Android / HarmonyOS |
ODID | Not configurable | Supports security capabilities | Passively collected on each call | HarmonyOS |
Android ID | Not configurable | Collected from Android 2.2.1 onward, supports business and security strategies | Passively collected on each call | Android only |
MAC Address | Not configurable | Supports business and security strategies | Passively collected on each call | Android (below version 11) |
Wi-Fi SSID | Developer configurable | Supports business and security strategies | Passively collected on each call | Android / iOS |
Wi-Fi BSSID | Developer configurable | Supports business and security strategies | Passively collected on each call | Android / iOS |
SIM Card Status | Not configurable | Supports business and security strategies | Passively collected on each call | Android only |
IDFA | Not configurable | Collected from iOS 2.2.2 onward, supports business and security strategies | Passively collected on each call | iOS only |
IDFV | Not configurable | Collected from iOS 2.2.2 onward, supports business and security strategies | Passively collected on each call | iOS only |
Location Information | User configurable | Collected from Android 2.2.1 and iOS 2.2.2 onward, supports business and security strategies | Passively collected on each call | Android / iOS / HarmonyOS |
Screen Color Depth | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Screen Color Gamut | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
High Contrast Mode Status | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Cookies Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Operating System | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Forced Colors Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Memory Size | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
CPU Cores | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Display Dynamic Range | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Structured Storage Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Browser Language | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Local Storage Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Database Capability Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
System Type | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Plugin Information | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Screen Resolution | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Session Storage Enabled | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Time Zone | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Touch Screen | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
User Agent | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Browser Information | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Web |
Web Referrer | Not configurable | Collected from Web 1.0.9 onward, builds security models | Passively collected on each call | Web |
Device Battery Level | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Mini Program |
Charging Status | Not configurable | Builds security models and supports device fingerprinting algorithms | Passively collected on each call | Mini Program |
Network Information
Type of Personal Information | Configurable | Purpose and Use | Frequency | Platforms |
---|---|---|---|---|
IP address | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
Wi-Fi status | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
Network type | Not configurable | Supports business operations and security policies | Collected passively with each request | Android / iOS / HarmonyOS / Web / Mini Program |
5. SDK System Permissions
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly explain which system permissions the SDK requires, how each permission relates to specific business functions, and when these permissions are requested.
Integration Notes: For optional system permissions in GeeTest Device Fingerprinting, Developers can refer to the table below to understand the relationship between each permission and its corresponding business function, as well as the appropriate timing for requesting the permission.
GeeTest Device Fingerprinting does not automatically request optional system permissions. However, not granting certain permissions may impact the functionality associated with them. Developers should configure permissions reasonably based on actual business needs.
Android Application Permissions
Permission | Permission Type | Purpose and Use | Timing of Request |
---|---|---|---|
INTERNET | Mandatory | Allows the application to access the internet in order to connect to services | Upon initial app installation |
ACCESS_NETWORK_STATE | Conditional: Not required for Android API 21+, but mandatory for Android API 20 and below | Required for detecting whether the current network is mobile data or Wi-Fi on lower Android versions | Upon initial app installation |
READ_PHONE_STATE | Optional | Grants access to the current phone state information, used for security risk control and generating new device identifiers | Requested upon first invocation |
ACCESS_COARSE_LOCATION | Optional | Grants access to approximate device location, used for security risk control and generating new device identifiers | Requested upon first invocation |
ACCESS_FINE_LOCATION | Optional | Grants access to precise device location, used for security risk control and generating new device identifiers | Requested upon first invocation |
DETECT_SCREEN_RECORDING | Optional | Used for security risk control, available from Android API 35+ to detect the current screen recording status | Upon initial app installation |
com.google.android.gms.permission.AD_ID | Optional | Grants access to the device’s GMS advertising ID, used for security risk control and generating new device identifiers | Upon initial app installation |
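The table above can be turned into a self-assessment check on an app's merged AndroidManifest.xml. The script below is an added example, not GeeTest code: it reports mandatory permissions that are missing, optional permissions that are declared and therefore need a business justification, and declared permissions the table does not cover. Matching on the short permission name, a numeric minSdkVersion in the manifest, and the sample manifest itself are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission types as listed in the Android Application Permissions table.
TABLE = {
    "INTERNET": "mandatory",
    "ACCESS_NETWORK_STATE": "conditional",  # mandatory only for API 20 and below
    "READ_PHONE_STATE": "optional",
    "ACCESS_COARSE_LOCATION": "optional",
    "ACCESS_FINE_LOCATION": "optional",
    "DETECT_SCREEN_RECORDING": "optional",
    "AD_ID": "optional",
}


def audit_manifest(manifest_xml):
    """Classify the manifest's permissions against the table.

    Returns a dict of three sorted lists:
      missing  - permissions the table makes mandatory but the manifest lacks
      optional - optional permissions declared; each needs a business reason
      unlisted - declared permissions the table does not mention
    """
    root = ET.fromstring(manifest_xml)
    declared = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name:
                # Assumption: compare on the short name after the last dot.
                declared.add(name.rsplit(".", 1)[-1])

    # Assumption: with no minSdkVersion present, take the worst case (API 1).
    uses_sdk = root.find("uses-sdk")
    min_sdk = 1
    if uses_sdk is not None:
        min_sdk = int(uses_sdk.get(ANDROID_NS + "minSdkVersion", "1"))

    required = {p for p, kind in TABLE.items() if kind == "mandatory"}
    if min_sdk <= 20:
        required.add("ACCESS_NETWORK_STATE")

    return {
        "missing": sorted(required - declared),
        "optional": sorted(p for p in declared if TABLE.get(p) == "optional"),
        "unlisted": sorted(declared - set(TABLE)),
    }


# Constructed sample manifest, for illustration only.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="35" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="com.google.android.gms.permission.AD_ID" />
  <uses-permission android:name="android.permission.CAMERA" />
</manifest>"""

if __name__ == "__main__":
    for category, names in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Permissions reported as unlisted belong to the app's own features or to other SDKs and should be reviewed against those components, not against this table.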
iOS Application Permissions
Permission | Permission Type | Purpose and Use | Timing of Request |
---|---|---|---|
Cellular | Normal permission, requested dynamically | Grants the application access to the network | Upon initial app installation |
Tracking Usage Description | Optional, requested dynamically | Allows access to IDFA, used for security risk control and generating new device identifiers | Requested upon first invocation |
6. SDK Initialization and Business Function Invocation Timing
Regulatory Requirement: The SDK Compliance Usage Guidelines must clearly specify the proper timing for SDK initialization and the invocation of its business function interfaces in a compliant manner. Applications are required to inform end users, through clear and easily accessible means such as pop-ups, text links, or attachments, about the rules for processing personal information. This disclosure must include information regarding the data controller, the purposes of processing, the methods and types of data collected, and the data retention periods. End-user authorization and consent must be obtained before any personal data is processed.
Integration Notes:
- Initialization Timing: Developers must ensure that GeeTest Device Fingerprinting is initialized only after the end user has provided consent to the App’s privacy policy.
- Sensitive Permissions: Before obtaining user consent, the App should not request any sensitive device permissions related to personal information.
- Data Collection: Personal information must not be collected or uploaded prior to obtaining end-user consent.
- Background Execution: When the App is not actively providing services, for example, when it is running in the background, the SDK services should not be invoked.
For detailed guidance on initialization timing and platform-specific integration, please refer to the following documentation:
- iOS Integration and Initialization: https://docs.geetest.com/g5/Integration/IOS
- Android Integration and Initialization: https://docs.geetest.com/g5/Integration/Android
7. SDK Privacy Policy Disclosure Requirements and Example
Requirements:
The SDK Compliance Usage Guidelines shall provide an example of how the application should disclose the SDK privacy policy terms to end users. Such disclosure must include the SDK name, company name, types and purposes of personal information processed, collection methods, and links to the SDK’s privacy policy.
Integration Note:
After integrating the Device Fingerprinting SDK into your App, the SDK will collect necessary end-user information to enable its functionality. Device identifiers and related services establish device fingerprints, device tags, and traffic (account) tags based on device and account information, serving as risk control tools. These capabilities provide a unique device identifier, identify and expose fraudulent activities, and generate multidimensional device tags to support decision-making and optimize ROI. Additionally, time-series traffic tags help enterprises build intelligence, detect anomalies, and identify high-quality users.
Developers are required to disclose details such as the Device Fingerprinting SDK name, company name, categories and purposes of personal information processed, collection methods, and privacy policy link in their App’s privacy policy according to the actual integration scenario.
It is recommended that developers:
- Confirm the specific version and functional modules of the integrated Device Fingerprinting SDK.
- Identify the categories of data exchanged with the Device Fingerprinting SDK.
- Disclose the relevant SDK information in the App’s privacy policy, either in text or in a structured list.
SDK Privacy Policy Disclosure Example
Device Fingerprinting SDK Privacy Policy:
- Third-Party SDK Name: Device Fingerprinting SDK
- Third-Party Entity: Wuhan Jiyi Network Technology Co., Ltd.
- Purpose of Use: To establish a unique device fingerprint based on device and account information, enabling the identification and exposure of fraudulent behaviors and malicious techniques, and supporting security risk management and business decision-making.
- Types of Personal Information Collected: Device model, device brand, system platform, system version, system language, screen height, screen width, device type, memory size, device name, carrier name, system attributes, OAID, ODID, AndroidID, MAC, IMEI, Wi-Fi SSID, Wi-Fi BSSID, SIM card status, IDFA, IDFV, location information, etc.
- Collection Method: On-device collection by the SDK
- Third-Party Privacy Policy Link: [GeeTest Device Fingerprinting Privacy Policy]
8. End-User Rights Configuration
Regulatory Requirement: End users have the right to be informed about, decide on, access, copy, supplement, correct, withdraw consent for, delete, and request the deactivation of their personal information. If these rights are provided to end users through embedded interfaces, the SDK Compliance Usage Guidelines must specify the interface invocation methods and provide usage examples.
Integration Notes: After integrating GeeTest Device Fingerprinting into the App, the SDK collects only the personal information necessary to enable the one-click verification functionality. Developers are responsible for providing end users with clear mechanisms or features to exercise their personal information rights in accordance with applicable laws and regulations.
If cooperation from GeeTest Device Fingerprinting is required to fulfill end-user requests, developers should promptly contact us so that we may work jointly to resolve such matters.
Contact Email: service@geetest.com