# Health Operations Guidelines
# User security solutions
# Security controls interface
In order to improve the ecological security of WeChat open platform, aiming at the potential black production risks and security problems in Weixin Mini Program application scenarios such as malicious registration and marketing cheating,The platform open API method provides developers with a security risk control interface to help developers cope with marketing cheating risks such as swiping bills, fake transactions, malicious cheating of subsidies, and registration black production risks suchas bulk registration, falsification of identity, so that developers can maintain the order and security of Mini Program operations.
# Security risk control interface provides capabilities and application scenarios
- Marketing cheating scenario: In marketing activities such as first-order offers and special discount offers, effectively identify fraudulent billing, fake transactions, malicious insurance fraud and subsidies that disrupt operational order and safety.
- Malicious registration: Identifies and blocks malicious registration behaviors such as batch registrations, spam numbers, and identity fraud on machines.
# The competency application process
- Log in Weixin Mini Program and apply for opening in [Development → Development Management → Security Center → User Risk Control → Security Risk Control Interface].
# Level of risk explaination and recommendations for use
The developer can judge the level of risk according to the level of risk. The significance of the level of risk and the use of the corresponding business, please refer to the following instructions and suggestions, specific use can be adjusted dynamically according to the actual situation of the business, in order to achieve accurate intercept, protect the sound development of the business.
| Level of risk | Proposed disposal scheme |
|---|---|
| Level of risk 0 | There's no risk, no blocking. |
| Level of risk 1 | Low suspicious risk, and simple verification (e.g. verification code, SMS, etc.) is recommended. |
| Level of risk 2 | Slight suspicious risks. Simple verification (e.g. verification code, SMS, etc.) is recommended. |
| Level of risk 3 | Moderate suspicious risk, and it is recommended to take certain measures to avoid harm depending on the business scenario. For example, marketing campaigns can reduce the probability of high-level rewards; List-based campaigns reduce the weight of such votes; Login registration requires secondary verification, etc. |
| Level of risk 4 | Highly suspicious risk, recommended direct interception based on business logic. For example, red envelopes-type activities return no winnings or a minimum amount of red envelope; No counting of votes is taken at a list-based event; The login / registration operation requires secondary verification; High-risk businesses have the option to restrict this operation. |
# Develop Access Guidelines
# Content Security Solutions
In order to improve the ecological security of WeChat, Platform open API provides content security solutions to developers to help developers cope with issues such as sensitive content identification under text, picture, audio content types, yellow content recognition, and violent terrorist content identity, so that developers can maintain order and security of Mini Program operations.
# Text Content Security Detection:
****: The text audit interface can identify pornography, current political violations, violence and other illegal and harmful content in the text information, and help users to prevent violation risk timely and accurately. It can be used for content audit, sensitive information filtering, public opinion monitoring and other scenarios.
- The function is based on a massive sensitive thesaurus of 100 thousand level, combined with a variety of text countermeasures, policy authority requirements, etc., and the use of deep learning technology, efficient identification of high-risk and harmful content. At the same time, we will continuously update iterations based on large-scale text and real-time anti-missive systems to ensure that the effectiveness continues to improve.
Application scenario : User profile text content detection;Detect the content of articles published by media news users and community comments;Game users edit uploaded material (such as answer class Weixin Mini Program user uploaded questions and answers) detection.
# Image Content Security Detection:
**** : Picture content security is based on Tencent's massive data resources and deep learning technology.Providing developers with intelligent auditing services for image content can not only help users reduce the risks of pornography, current political violations, violent terrorism, etc., but also greatly save the cost of manual auditing and protect the healthy development of the business.
- Images can be sexually recognized by learning and analyzing multiple dimensions such as skin color, posture and scene in images.
- Provides scene recognition including facial recognition of sensitive people and sensitive events.
- Based on public opinion analysis, we provide a more rigorous model of terrorism, intelligently identifying violence, bloody scenes and suspected banned graphic content such as terrorism and extremism.
Application scenario : user-defined avatar detection, involving photo tools applications (such as P map, self-timer applications) user photo upload detection;Image inspection of e-commerce products on the shelves; Image detection in media users' articles; Detection of pictures uploaded by social users, etc.
# Audio Content Security Detection:
Functional description : Identify illegal content such as yellow, political, abuse in audio, thereby reducing labor costs and improving audit efficiency. Application Scenario : Voice detection in game chat channels;Voice detection of anchors in live broadcasts; The forum community publishes audio detections of relevant media content.
# Develop Access Guidelines
- Text Content Security Interface document: msgSecCheck
- Audio / Picture Content Security Asynchronous Interface Documentation: mediaCheckAsync
# Common problem
# Please do not rely solely on content security services
- The Weixin Mini Program UGC content is connected to the content security service, which can effectively alleviate the manual audit,Reducing the risk of non-compliance, but the inclusion of a content safety service does not guarantee a permanent solution to all issues. To further ensure content safety, we still recommend implementing human review and confirmation in certain aspects to address some of the limitations inherent in AI algorithms.
- For example, the content of the API is judged as a REVIEW, indicating that there may be risks and requires manual confirmation; The API determines that the content of the PASS may contain missed violations, which can be checked in accordance with a certain proportion.
# How should I give feedback if I have a question or need for a content security solution?
- The WeChat open community has opened a security risk control area, developers can go to the security center area post interactive exchange.