Ant Group’s Mobile Security Parallel Slice Wins 2023 Mobile App Security Vulnerability Governance Award

On January 16, the China Software Testing Center (Ministry of Industry and Information Technology Software and Integrated Circuit Promotion Center) and the Ministry of Industry and Information Technology Mobile Internet APP Product Security Vulnerability Professional Database (CAPPVD) held a Mobile Internet APP Product Security Vulnerability Technical Salon in Beijing, announcing and awarding the “2023 Mobile Internet APP Product Security Vulnerability Governance Excellent Cases” award, with Ant Group’s “Vulnerability Governance Solution Based on Mobile Security Parallel Slice” selected.

The rapid development of mobile internet has made the security landscape more complex. Mobile apps, especially platform‑type apps, contain many third‑party SDKs and mini‑programs. Lacking runtime monitoring and control, they cannot observe actual calls, leading to risks such as stealing user data and pushing malicious ads, which affect compliance. In dealing with regulatory compliance, stability, and confronting hackers and illicit actors, rapid emergency response and offense‑defense require developers to quickly fix online issues while integrating and upgrading numerous security products, burdening development and security processes.

In 2019 Ant Group pioneered a new security protection system called “Security Parallel Slice”. The mobile security slice integrates into technical infrastructure and application services as a parallel security space, decoupling business logic from security modules, allowing independent handling of security issues, saving resources and improving efficiency. It provides data introspection, behavior profiling, and business intervention for mobile apps, enabling runtime threat detection and protection against malicious privacy collection, serving as a foundational security facility that supports governance and defense tasks independently, widely, efficiently, and precisely.

In vulnerability governance, the slice‑based approach has the following characteristics: low intrusiveness, integrated via SDK with only startup code added; flexible configuration, all functions controllable via delivered config and custom cut‑points; timely response through monitoring dashboards and alert rules; rapid stop‑gap by analyzing risk logs and issuing new config to intercept specific risky behavior.

The mobile security slice is now part of Ant Group’s security system, deployed in Alipay, MyBank, WhaleSearch, international banks and other mobile apps, supporting privacy compliance, security offense‑defense, data security, demonstrating good universality and adaptability. More mobile apps will adopt the capability in the future.

In 2023, the TAF/T 162-2023 “Mobile Application Security Parallel Slice Technical Guide”, drafted partly by Ant Group, was officially released. The standard defines the architecture and provides deployment guidance regarding performance, stability, and security for mobile app security parallel slices.

With increasingly severe network threats, Ant Group will continue to prioritize security technology, uphold innovation and practice, and strive to raise industry security levels.