Permission overreach in mobile apps feeds the online black and gray industries

A few days ago, reports that a China Telecom app requested more than 70 permissions, including the ability to modify the address book, once again raised public concern about excessive app permissions and privacy leakage.

China Telecom subsequently responded: 'On the premise of the user's consent, and following the principles of legality, legitimacy and necessity, the app applies for user authorization in a unified manner in order to provide the required services in a timely way according to the user's needs. When the user agrees to the authorization, the app can use these permissions.'

'Whether on a mobile app or a PC, some companies collect large amounts of user information without hesitation, but can this information actually be used to realize commercial value? Possibly (the company) does not even know what it can do with it, or has never used it,' Ma Gang, co-founder of Huorong Security, said in an interview with a reporter from First Financial (Yicai).

In an era when data is called the new oil, many companies believe that the more data the better, and over-collect user data. On the one hand, enterprises are extremely eager for user data; on the other hand, they do not keep this data properly, and it is even traded underground, feeding a huge network of black and gray industries.

Beware of excessive access to permissions

From the microphone-permission 'eavesdropping' privacy incident at the beginning of the year, to Alipay's 2017 annual bill defaulting to a checked 'Sesame Credit Agreement' box, to the debate over whether WeChat stores and reads chat histories, incident after incident has touched users' sensitive nerves.

Do Chinese users really not care about privacy?

According to a recent survey by the Clearing think-tank, nearly 70% of respondents described their 'trading privacy for convenience' as 'voluntary', while over 70% believe that online platforms do a poor job of respecting and protecting user privacy. The mobile app personal information security survey report released by the Consumers Association on March 7 likewise showed that nearly 90% of people think mobile apps collect personal information excessively, and nearly 80% believe personal information held by mobile apps is not safe.

Why 'voluntary'? Take permission requests on Android apps as an example: when a user downloads and installs an app, he or she is asked to grant multiple permissions, including phone, location and contacts permissions. If the user does not agree, the app cannot be used.

Over-acquisition of permissions by mobile apps is related to the developer's position and business logic. An industry source told reporters that many newly developed apps provide only relatively simple functions at first, and add more functions and services at a certain stage of development, which need new permissions. 'Many developers do not know what permissions the software will need in the future, so in the first version they apply for a lot of permissions to make later upgrades easier. But for many features, applying for the permission is not necessary at all. This kind of over-claiming is very common.'

Earlier this year, Tencent Social Research Center and the DCCI Internet Data Center jointly released the '2017 Cybersecurity and Cyber Fraud Analysis Report' (hereinafter the 'Report'). The Report shows that obtaining user privacy through mobile apps is very common: in the second half of 2017, 98.5% of Android apps requested privacy-related permissions, and 9% of apps obtained privacy permissions beyond the scope of their functions.

How is over-collection defined? Ma Gang told reporters: 'Collect what is enough for use, and no more.' For some software, mandatory authorization is reasonable; map and travel apps, for example, need the user's location.

In more cases, however, the app only tells the user about some sensitive permissions when it is first opened after installation, while actually obtaining more. When the reporter checked the permission manager on a phone, most of the downloaded apps read the list of installed applications by default. Reportedly, many big-data companies obtain the installed-application-list permission in order to learn what other software a user has installed, and use it to analyze the market share of competing products and to label users so as to provide precise marketing services to businesses.

A network security expert told the reporter that, when judging whether an app has applied for excessive permissions, users need to weigh their own needs. 'If a very simple tool app, such as a flashlight, asks for more permissions, you can compare; sensitive permissions such as contacts and location can be turned off.' On the issue of compulsory authorization, the expert said this currently requires a solution at the phone operating-system level. For users who are forced to grant authorization during installation, the remedy is to use permission-management software after installation to turn off the relevant permissions.

Start personal information protection battle

Obtaining permissions is not in itself the first step toward doing evil. Whether a piece of software is really malicious cannot be judged from its permissions alone.

'There are many causes of user information leakage, and the app is only one entrance. It also involves the management of information and data, problems on the website side, or hacker attacks. In fact, the problem of apps over-calling permissions is not that serious; if everyone focuses on that alone, just looking at the app's own behavior, or only staring at its permissions, is not enough,' said the network security expert quoted above.

The Cybersecurity Law of the People's Republic of China formally took effect on June 1, 2017. Disclosure of user data by civil servants or others who hold data can now be punished by law, but the laws on personal privacy protection remain imperfect. A draft, the Personal Information Protection Law of the People's Republic of China (Draft), has been published but not yet finalized, and relying on industry standards is also difficult. 'Each manufacturer and each app developer has its own reasons for applying for permissions, and it is difficult for companies or developers to reach a consensus. In that case, it may still be necessary to rely on improvements in the operating system itself to solve this problem,' the expert said.

It is also extremely common for netizens to disclose their own information inadvertently. Take cash loans as an example: some cash-loan companies do not specify what information they access and have no bottom line at all, so people who take cash loans have no privacy. The black and gray industry has grown quite large. Du Yuejin, vice president of Alibaba Group's security department, previously told the media that the output of China's black and gray industry has reached 100 billion yuan, while the total output value of the network security industry is less than 30 billion, and the losses caused by the black and gray industry are at least 20 times greater. He said that many black and gray industry operators have big-data capabilities exceeding those of some well-known Internet companies, and can obtain data precisely and commit precisely targeted fraud.

Buyers of such information include the fraud and theft industries as well as finance and precision marketing. The information most commonly sold is users' contact details and account passwords.

Ma Gang told reporters that using personal information such as account passwords to actually steal users' funds or assets is relatively rare. 'These acts are obviously illegal, and few people dare to do them. Most of the data is used for marketing and advertising. Because current laws and regulations are imperfect, much of the so-called pushing of business information to users, the precision marketing of advertising, is in a gray zone. Although it is known to be wrong, or allegedly infringing, there is no clear provision and the punishment is not clear, so it is gray, and it is let go.'

To prevent the leakage of personal privacy information, the Report suggests that users start from the following five points: first, download software from formal channels such as the official Android app markets; second, be careful when filling in personal information, to prevent it from being collected indiscriminately; third, manage privacy permissions in mobile software, understand what each permission lets the software do, and turn off unnecessary authorizations; fourth, be wary of public Wi-Fi, and switch to mobile data when transferring money or making payments; fifth, wipe an old phone completely in three steps: factory reset, repeatedly copy large files onto it, then delete them.
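As an added example (not part of the article, and not a tool any of the quoted experts describe), the following Python script does from the command line what the expert's advice earlier and the Report's third point describe for a phone-side permission manager: it parses the output of `adb shell dumpsys package` (a constructed excerpt is embedded so it runs offline), flags sensitive runtime permissions an app requests beyond what its stated function needs, and prints the `adb shell pm revoke` commands to switch off the ones actually granted. The package names, the `EXPECTED` baseline and the dumpsys excerpt are all assumptions made up for the example; a real audit would run `adb shell dumpsys package` against a device with USB debugging enabled.

```python
import re
from typing import Dict, List, Set

# Android runtime ("dangerous") permissions worth reviewing on a tool-type app.
SENSITIVE: Set[str] = {
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}

# Hypothetical baseline (an assumption, not from the article): the sensitive
# permissions each app's stated function plausibly needs.
EXPECTED: Dict[str, Set[str]] = {
    "com.example.flashlight": {"android.permission.CAMERA"},  # LED is driven via the camera
    "com.example.maps": {"android.permission.ACCESS_FINE_LOCATION",
                         "android.permission.ACCESS_COARSE_LOCATION"},
}

# Constructed excerpt in the shape of `adb shell dumpsys package` output for
# two fictitious packages; sample data, not a real capture.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.flashlight] (3f2a1b):
    userId=10123
    requested permissions:
      android.permission.CAMERA
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
  Package [com.example.maps] (9c0d4e):
    userId=10124
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=0 installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
"""

PKG_RE = re.compile(r"Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"([\w.]+): granted=(true|false)")


def parse_dumpsys(text: str) -> Dict[str, Dict[str, Set[str]]]:
    """Map each package to the permissions it requests and those currently granted."""
    pkgs: Dict[str, Dict[str, Set[str]]] = {}
    current = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            section = None
            pkgs[current] = {"requested": set(), "granted": set()}
            continue
        if current is None or not line:
            continue
        # dumpsys section headers end with a colon ("requested permissions:", ...).
        if line.endswith(":") and not line.startswith("android."):
            section = line[:-1]
            continue
        if section == "requested permissions":
            pkgs[current]["requested"].add(line)
        elif section in ("install permissions", "runtime permissions"):
            g = GRANT_RE.match(line)
            if g and g.group(2) == "true":
                pkgs[current]["granted"].add(g.group(1))
    return pkgs


def overreach(pkgs: Dict[str, Dict[str, Set[str]]],
              expected: Dict[str, Set[str]] = EXPECTED) -> Dict[str, List[str]]:
    """Sensitive permissions an app requests beyond what its stated function needs."""
    report: Dict[str, List[str]] = {}
    for pkg, info in pkgs.items():
        extra = (info["requested"] & SENSITIVE) - expected.get(pkg, set())
        if extra:
            report[pkg] = sorted(extra)
    return report


def revoke_commands(pkgs: Dict[str, Dict[str, Set[str]]],
                    report: Dict[str, List[str]]) -> List[str]:
    """`adb shell pm revoke` lines for flagged permissions that are actually granted."""
    return [
        f"adb shell pm revoke {pkg} {perm}"
        for pkg, perms in report.items()
        for perm in perms
        if perm in pkgs[pkg]["granted"]
    ]


if __name__ == "__main__":
    parsed = parse_dumpsys(SAMPLE_DUMPSYS)
    flagged = overreach(parsed)
    for pkg, perms in flagged.items():
        print(f"{pkg}: requests {', '.join(perms)} beyond its stated function")
    for cmd in revoke_commands(parsed, flagged):
        print(cmd)
```

One caveat that matters for the installed-application-list collection described earlier: `pm revoke` only works on runtime permissions. Before Android 11, enumerating installed apps needed no permission at all, and from Android 11 it is gated by the install-time `QUERY_ALL_PACKAGES` permission, so neither case can be switched off this way; uninstalling the app is the only user-side remedy there.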

2016 GoodChinaBrand | ICP: 12011751 | China Exports