Electronic signature refers to the data contained in electronic form in a data message, which is attached to identify the signatory's identity and indicate their acceptance of the content. Since the implementation of the Electronic Signature Law in 2005, due to its characteristics of tamper resistance, traceability, and trustworthiness, electronic signatures have been widely used in scenarios such as network identity authentication, transaction signing, fixed evidence, and responsibility tracing. They are an important part of the full chain governance of mobile applications (APPs). With the rapid development of mobile Internet, APP has evolved from the earliest stand-alone software to the current real-time networking software. In addition, with the continuous integration of hardware facilities such as positioning systems, gyroscopes, sensors, cameras, microphones, fingerprints or facial recognition on terminals, apps have undergone revolutionary changes in functionality and user experience. Various violations of user rights such as illegal collection of personal information, inability to close pop-up ads, and personal privacy leaks often occur. To this end, the Ministry of Industry and Information Technology has carried out a series of special rectification work targeting the entire APP industry chain from 2019 to present, which has infringed on user rights and achieved positive results. However, the difficulty in identifying responsibilities for issues related to the APP industry and the uneven management level of relevant entities have led to new challenges in APP governance. There are many entities in the APP industry chain, and responsibility tracing is facing new challenges. The APP industry chain includes multiple entities such as SDK developers, APP developers, third-party testing agencies, application stores, and terminal manufacturers. However, there are still issues with unclear rights and responsibilities of some entities in the process of APP use and management. One issue is that there is unclear rights and responsibilities between SDK developers and app developers in the processing of personal information (such as collection, provision, and use) on the app. Before using the SDK and APP, although users need to accept relevant privacy policies and user agreements, these standard terms and contracts are often a "package" requirement for agreement. If not agreed, they are not allowed to use, in order to avoid the responsibility of the SDK and APP itself. It is difficult to define the responsibilities and obligations of both parties when the APP violates the processing of personal information. Secondly, in the process of APP management, third-party testing agencies, application stores, and terminal manufacturers have unclear management rights and responsibilities. From the completion of app development to installation to the user's smart terminal, it needs to go through multiple controls such as security checks by third-party testing agencies, compliance audits by application stores, and installation verification by terminal manufacturers. Especially in an open ecosystem like Android, security testing, compliance review, and installation verification may be implemented by different parties, but there is no clear division of management responsibilities among them. When there are security and compliance issues with the APP, the responsibilities of all parties are intertwined. The lack of information circulation in the APP industry poses new challenges to the improvement of enterprise management capabilities. Industrial information sharing is the cornerstone for improving industrial efficiency, promoting industrial innovation, and supporting the healthy and orderly development of industries. At present, identity data, credit data, security and compliance detection data of apps in an open ecosystem have not flowed through the industry in the form of data elements. Enterprises such as app stores and terminal manufacturers have duplicate authentication and duplication in the app management process