Recently, Jiangsu Province Consumer Protection Committee to Baidu's two mobile APP products' without the user's consent, access to such as monitoring phone, location, read short MMS and other permissions, suspected of obtaining individual consumers illegally Information "on the grounds, filed a civil law consumer consumer litigation.This news again by some people and the media as" Internet companies are closely monitoring users to collect big data for commercial promotion, "the key suspects.
However, suspected Internet companies have explicitly denied that they have such capabilities or attempts, security experts also advise users, do not listen to such rumors, Internet companies do not have the ability.
Internet giants have done what?
Things started in July last year, Jiangsu Provincial Consumer Protection Commission has conducted a number of popular mobile APP personal information security survey, including 'mobile Baidu' 'Baidu browser' two APP, 'before the installation of consumers, did not inform its Access to a variety of permissions and purposes; without the consent of the user, such as access to such as monitoring the phone, positioning, read MMS, read contacts, modify system settings and other rights'. The Consumer Protection Commission to Baidu Company After issuing the investigation letter, urged repeatedly failed to reply and decided to file a civil lawsuit against Baidu.
Baidu PR official yesterday in response to inquiries, said it has learned from the media reports of the lawsuit over the past few months, has been and the Jiangsu Provincial Consumer Protection Committee on mobile application product privacy protection and user rights management mechanism for a number of rounds of communication , Explain and clarify, and are still actively communicating at the moment.
As for the "monitoring phone" mentioned in media reports, this person emphasizes that this is due to the fact that the media has little understanding of the technology. In fact, he only obtained the use rights of the microphone and is mainly used for the voice search of the mobile phone Baidu and the voice of the map Navigation and other purposes.This and monitor the phone is two different things.Android, Apple system can not provide such an interface or permissions, Baidu's mobile application is not capable, and never apply for this permission. 'And, even the use of the microphone permissions, Will also pop-up window prompts the user whether authorized to obtain the corresponding service, the user authorized to use at any time can choose to shut down at any time.
Some netizens recently responded on the Weibo and so on. What kind of meal did the family members ask when they came in from get off work? After answering a question, I immediately turned to the phone and immediately started to present the cooking information recommended by the headlines today. 'Headlines said in a statement yesterday,' Unless the user explicitly click on the license, or whatever the phone model, the headlines today have no access to microphone permissions, can not receive any voice signal users '. At the same time, it also said that' from technology From the point of view, the current sound information technology processing, but also far less than the level of access to personal privacy through the microphone '.
After WeChat was led by Li Shufu, chairman of Geely, "Ma Huntin certainly see our Wechat every day," the remarks lead to an uproar, the external explained that 'WeChat does not keep any user's chat history, chat content is only stored in the user's mobile phone, computer And other terminal equipment; WeChat nor will any of the user's chat content for big data analysis.
Who is peeping our privacy?
Li Tiejun, a well-known security expert at Cheetah Company, told reporters yesterday that "it is not worth the effort of an Internet company to use this technology because it does not have the capability of an Internet company.
If part of the search results page to get visitors phone numbers and other personal information, Li Tiejun think it is not difficult to achieve, but this is a black product, 'This pot should not be back by Baidu'.
Last year, when Beijing Internet users inadvertently found a web site to provide services for grasping a user's mobile phone number while surfing the internet, they reported to the police and conducted a research on the website with the technical support and assistance of the Baidu security technology team, finally exposing a theft Personal information and property accounts for the illegal profit-making three new black industrial chain.The specific operation process is: some of the three sites from the secondary agent in the hands of the monthly or annual purchase of services, the 'mobile phone visitor marketing platform' provides Malicious code embedded in the webpage.When the user clicks on the page, they can see the user's mobile phone number, phone model, search keywords and other information in the background account, and hiring customer service for telemarketing, so that many Internet users may not Do not bear these harassments.
As of September 25 last year, the police have initially seized 26 websites and over 1 million messages, and 33 suspects were arrested.
What to do if I feel like being peeped?
For many users have recently responded to their own encounter a similar situation, could not help but be very worried.Li Tiejun said the user first and foremost think too much, the Internet company does not have this ability.
If you still do not worry, then Li Tiejun suggested to the phone's system permissions settings to filter all the applications need to use the microphone again, decide which is no longer authorized permissions.
Li Tiejun suggested that the system is not familiar with the white user, you can install the mainstream mobile security software to achieve, mobile phone rights management is one of the main functions of these security software.
Internet companies have said that Android operating system from the 6.0 version, a lot of strict application of authority, the application will apply for a single permission, some users will inevitably feel one by one or rejected too much trouble, simply all closed, which in turn will lead to Enjoy less than some of the new technologies and services such as voice control, weather information, facial recognition and anytime, anywhere access.
And for tens of thousands of sites that still contain malicious codes, Baidu recommends that users try not to go to unsafe websites and not to use unsafe WIFI. Set a more secure password for payment. Each App, Email, or Network Account with a different strong password, not a common password. Also, there are stolen or black, timely warning.
comment
Many APP 'crazy' for user information purposes?
According to Xinhua News Agency, January 3, Alipay opened the annual personal bill inquiries, sesame credit 'free ride' so that consumers 'choice' authorized to obtain personal information on the Internet exposure. Subsequently, the People's Bank of China talk Alipay and sesame Credit Recently, the topic of some APP over-claims and personal financial information security has become the focus of public opinion.
According to a survey conducted by Xinhua Opinion reporter, in order to collect user information, it occupies a market leading position in the era of big data. Some APPs are almost 'crazy' in claiming excessive consumer rights, and relevant laws and regulations lag behind.
'No one knows what data will be the focus of future business development, so having enough data is the key'
'In the era of big data, no one knows what data will be the focus of future business development, so having enough data is the key.Gathering the more data, the greater the marketing value.'A Internet sales in the industry One sentence broke the mystery.
Mr. Ye, an Internet practitioner, conducted statistics on 109 applications installed on his Android mobile phone. All 104 APPs have the non-mandatory permission to read the list of installed applications so as to understand user behavior and analyze peer situations. The second concern is the 'read native ID', which is used to identify the user, because each phone ID is unique; the third is 'read location information' permissions, there are 80 APP needs This permission can collect the user's range of activities.
The 2017 China Android Mobile Phone Privacy Security Report released by the DCCI Internet Data Center shows that the non-gaming APP2017 annualized certification of consumer satisfaction is declining, but the core privacy rights of the cross-border access to 'call records' and cross-border' read MMS recorded a substantial increase.
'From the industry perspective, are doing everything possible to collect user information' Zhu Li Xiang, senior security researcher at the National Engineering Laboratory for Mobile Internet Systems and Application Security pointed out that in essence, some APP developers do not have a bottom line.
Personal information data protection is facing three major challenges
In the interview, many experts expressed their worries about the information security, and they think there are three aspects to the legal protection of personal information data in our country at present:
- Law without 'Ming' right, fragmented protection. At present our country's protection of the rights of citizens' personal information has always been dependent on the protection of privacy and cybersecurity and other fields, has not yet formed a legal independent right, which led directly to the lack of relevant protection norms, The measures are not enough. 'Most are general and principled provisions, and there is a lack of enforcement.' "Said Wang Qinghua, director of the Center for Big Data and Artificial Intelligence Law at China University of Political Science and Law.
- Universal infringement, rights protection is difficult.An expert has the image of the current consumer personal information is infringed upon the environment compared to 'warm boiled frog' in a large number of different levels of illegal use of personal information collection environment, consumers not only difficult to understand What norms can support their own rights, and even difficult to know that they have been infringed.
Wang Qinghua believes that at present, the quality of various relevant provisions of 'real-name system' is uneven, and some local regulations even become the legal basis for authorized enterprises to over-collect information.
'The bigger the platform, the better-known company, the more need to cherish the user, protect and defend the user's personal information, legitimate and authorized to use, is an unshakable concept of the enterprise.' 'China Electronic Commerce Research Center Life Services electricity supplier Analyst Chen Li Teng table that grasp a large amount of raw data of the business, should be more consciously assume the responsibility to protect personal data, 'APP contains many users of private information, if not properly protected but' sneak 'for more information, it will be great Affect the user's sense of security. '
Strengthening supervision is imperative
Wang Qinghua believes that although China has a number of relevant laws and regulations to strengthen the protection of personal information and Internet-related consumer rights, but with the rapid development of the Internet, the need to establish a personality and other personality rights of personal information, at the legislative level The originally scattered protection provisions are integrated and a special protection mechanism is established.
Li Min, a senior partner at Shanghai Hansheng Law Firm, argues that it is no coincidence that the Alipay annual bill default check-in agreement is happening. "Whether the sign-off of the customer service agreement is clearly stated or whether the content of the agreement is legally compliant or not E-commerce legislation is imperative in order to further improve the legitimacy of the platform provisions and clarify the legal relationship between users and the platform. '
In addition, it is very important to strengthen the administrative supervision over the legitimacy of the giant enterprise's behavior, especially for consumers who have been infringed but not yet aware of the loss, they should conduct targeted inspections on the enterprises and set up an appropriate administrative penalty mechanism for infringement of personal information .
On January 2, Nanjing Intermediate People's Court filed an appeal to Jiangsu Consumer Protection Co., Ltd. for the alleged acquisition of consumer personal information illegally and related issues formally put forward for the case. "Developing Public Interest Litigation and Creating Social Consciousness of Protecting Individuals in the Field of Information and Supporting Consumer Protection Association on behalf of consumers have a positive role in safeguarding their rights. "Xiong Bingwan, a researcher at the Institute of Law under the Renmin University of China, said.
Zhao Zhulin, deputy director of Beijing Zhilin Law Firm, said that although it is impractical to manage many applications, regulators can start from the application store and indirectly manage applications through the management platform to enhance the application store's audit standards and continuously improve over-utilization of applications User information.