HarmonyOS Security and Privacy Forum Highlights StarShield 2.0 Ecosystem Innovation

The HarmonyOS Security and Privacy Evolution forum at HDC 2025 highlighted advancements in StarShield Security 2.0, focusing on API governance, AI security, passwordless authentication, financial security, and sensitive data protection. Discussions with partners showcased practical applications of these features, emphasizing HarmonyOS’s commitment to a secure and trustworthy ecosystem.

On the morning of June 21st, at the Huawei Developer Conference (HDC 2025), the “HarmonyOS Security and Privacy Evolution under StarShield Security 2.0 and Ecosystem Openness” sub-forum took place in Sanyapo. The event brought together security experts from partner companies and Huawei’s own security and privacy technology specialists. Discussions focused on app governance and regulation, the core capabilities of StarShield Security 2.0, and exemplary practices developed by ecosystem partners leveraging the framework. This forum served as a knowledge-sharing platform for developers, delving into innovations and practical applications in security technology.

As one of HarmonyOS’s six defining features, security and privacy remain a pivotal direction for operating system evolution. Huawei has proactively reinforced its security architecture with StarShield Security, fundamentally redesigning the OS’s security system to achieve its core objectives: “pure security, controllable privacy, and high data security.” This forum highlighted the latest advancements in AI security, Passkey for seamless passwordless authentication, Digital Shield for financial security, secure camera functionalities, secure geolocation services, sensitive data protection, and enterprise security solutions, all within the StarShield Security 2.0 framework.


App Governance and Regulation: Exploring and Implementing App Oversight in the Era of Emerging Technologies

During the forum, Ma Xin, Director of the Terminal Products and Services Quality Certification Center at the China Academy of Information and Communications Technology (CAICT), delivered a keynote on “APP Governance Practices Amidst New Technologies.” He provided a comprehensive overview of the evolution of personal information protection within the app ecosystem and offered insights into future regulatory trends. Ma Xin also detailed HarmonyOS’s technical solutions for app purity control, privacy labeling, privacy hosting, and PAC (Proxy Auto-Config), establishing a strong benchmark for enhancing user data protection and advancing industry governance.

StarShield Security 2.0: The Evolution and Future of Security and Privacy

The forum provided an in-depth look at the core capabilities of StarShield Security 2.0. Building upon StarShield Security 1.0, which introduced a software-hardware integrated approach and a refactored kernel for enhanced pure security, controllable privacy, and high data security, StarShield Security 2.0 elevates these protections further. Enhancements include advanced AI-driven security, Data Loss Prevention (DLP), robust enterprise security, and fortified financial security measures, catering to the evolving security and privacy demands of AI, enterprise, and financial sectors. This continuous improvement solidifies HarmonyOS’s security foundation and its support for the broader ecosystem of applications.

Focusing on Trusted Application Services, Security Risk Detection, AI Intelligent Computing, and Sensitive Data Protection to Build the Security and Privacy Foundation of the HarmonyOS Ecosystem

Huawei’s security and privacy experts also shared insights into HarmonyOS’s recent technical advancements in areas such as trusted application services, security risk detection, AI intelligent computing, and sensitive data protection.

In the realm of trusted application services, HarmonyOS maintains a strong commitment to financial security. Leveraging the iTrustee Security OS capabilities, it has developed trusted application services for secure cameras and secure geolocation, providing robust support for financial security. For secure cameras, images processed by the Camera ISP are signed within the Trusted Execution Environment (TEE) and returned to the camera and applications. This allows applications to verify the integrity of the images, ensuring they haven’t been tampered with. This capability has already been adopted by leading apps like Alipay and will be made available to a wider range of ecosystem applications. Regarding secure geolocation, HarmonyOS ensures the integrity of hardware GPS and Wi-Fi SSID information by signing it within the TEE before it’s returned for application verification, effectively detecting any potential tampering. This feature is already implemented by partners such as Bank of Communications, China Construction Bank, Alipay, and Today’s Watermark Camera, significantly enhancing their risk control and business security.

In security detection, HarmonyOS employs more powerful system-level detection services to identify application risks. These services, while prioritizing user privacy, assess device security risks and provide this information to applications, thereby enhancing their risk control precision and bolstering business security.

For AI intelligent computing, HarmonyOS utilizes a cloud-edge collaborative approach to create an end-to-end privacy-preserving computing environment, enabling “cloud to empower edge, boosting computing power while data remains on edge.” Data is encrypted throughout its lifecycle, with provable security and adaptive strategies based on data risk levels. HarmonyOS effectively safeguards user privacy through three key technologies: provable privacy protocols, full-link identity anonymization, and efficient, simplified OHTTP protocols, all aimed at preventing data computation tracking. Furthermore, the iTrustee Security OS and privacy-preserving partitions ensure that cloud-side inference data is neither leaked nor retained.

In sensitive data protection, StarShield Security 2.0 introduces EL5 encryption, which generates unique encryption keys for each application and offers a flexible key management mechanism. Applications can autonomously manage key deletion upon lock screen activation. Once deleted from memory, these keys become irretrievable without user authentication, guaranteeing data security even if the device is lost. Currently, EL5 capabilities are integrated into several core system scenarios and have been adopted by the “Exclusive Ding” office application from DingTalk to secure sensitive office data when the screen is locked. This feature significantly enhances user control over their data and strengthens terminal data security.

Showcasing Exemplary Practices: A Comprehensive Display of HarmonyOS Security Capabilities Across Various Business Scenarios

Throughout the forum, numerous ecosystem partners showcased their successful implementations of “StarShield capabilities” across diverse terminals and business scenarios, underscoring the breadth and depth of the HarmonyOS security ecosystem.

Volcano Engine’s Feilian App was among the first to integrate HarmonyOS’s FIDO-protocol-based Passkey capabilities. This allows users to experience seamless and secure passwordless logins within applications, on web pages, and even across devices. By leveraging on-device biometric authentication methods like fingerprint and facial recognition, the integration ensures both efficiency and security, enhancing user convenience while effectively mitigating unauthorized access risks.

In collaboration with security shield manufacturers, Bank of Communications has developed a mobile security shield product based on HarmonyOS’s Digital Shield service. This product, powered by iTrustee Security OS’s trusted application services, will support high-level authentication for transactions up to one million yuan per transaction, meeting stringent financial-grade security requirements.

Damai has significantly improved platform transaction fairness and user experience by integrating HarmonyOS’s robust security features, including Device Attestation, Device Verify, Safety Detect, and group control identification. These capabilities have enabled precise identification of scalpers, with over 99.96% of fraudulent users detected and over 9 million risky attempts intercepted.

Ant Group Security has implemented a suite of system-level security capabilities provided by the HarmonyOS platform, such as secure cameras, secure geolocation, trusted devices, privacy-preserving computing sandboxes, key management services, device owner identification, fraud scenario detection, and anti-cheating mechanisms. These are applied across various scenarios including anti-cheating, anti-fraud, and secure facial payment, collectively establishing a trusted boundary for terminal devices. In anticipation of the AI agent era, Ant Group Security also shared insights into the emerging risks and security challenges posed by multi-agent collaboration on mobile terminals, proposing a framework for building a security protection system for such collaborations and calling for broader ecosystem participation in developing related security infrastructure.

AsiaInfo Security, leveraging the HarmonyOS security foundation, particularly the Data Protection Kit and Device Security Kit, has developed an integrated enterprise security solution built on the HarmonyOS system, leading to a multi-fold increase in product development efficiency. Its unified terminal security product, Trustone, provides real-time virus scanning and custom scanning capabilities. By subscribing to HarmonyOS’s rich security event streams, the solution enables precise detection of attacks, rapid response, and the generation of attack event trees. Furthermore, utilizing HarmonyOS’s DLP services, it implements fine-grained access control for sensitive documents based on user roles, organizational structures, and network access locations, along with visualization of sensitive document distribution and flow, thereby achieving visual and traceable control of sensitive documents.

QiAnXin has demonstrated its achievements in deeply integrating TianQing mobile security with HarmonyOS’s StarShield Security architecture. This solution harnesses HarmonyOS’s enterprise security and Mobile Device Management (MDM) capabilities, focusing on continuous identity authentication, trusted environment awareness, dynamic access control, and robust MDM security for enterprise devices. It provides comprehensive enterprise security solutions by incorporating application obfuscation, encryption, code signing, device security detection, Device Verify for device anonymity queries, and secure geolocation, ensuring secure and controlled enterprise operations.

The successful conclusion of this forum not only showcased the maturity and industrialization capabilities of HarmonyOS’s security system but also highlighted Huawei’s strategic commitment to fostering a trusted terminal ecosystem in collaboration with its partners. HarmonyOS will continue to invest in opening up and enhancing its core security capabilities, driving the standardization and industrialization of StarShield Security 2.0 to deliver a purer, more secure, and more trustworthy intelligent experience for users.

Original article, Author: Tobias. If you wish to reprint this article, please indicate the source: https://aicnbc.com/3751.html
