After the QQ browser secretly called the camera event, Vivo NEX officially upgraded the system and added a reminder function for calling the camera and microphone to the third-party application. Later, some netizens found out that the Baidu input method did not wake up the voice input. There is a phenomenon of secret recording. Baidu responded by showing that the input method is optimized for voice microphone warm-up, but the purpose is to speed up the voice start-up speed and solve the problem of voice recognition and word drop caused by user feedback, and no recording processing is performed.
The problem of privacy about cameras and microphones has been erupting in the PC era. People can only solve this problem by blocking the camera. In the era of smart phones, such problems have gradually attracted users' attention. Especially for non-native systems Android phones, In the process of installing or using the app, you can collect user location, address book, camera, recording and other information.
Smartphones have become a necessity for people's work and life, but privacy issues continue to break out. Who is responsible for protecting user privacy?
The phone is being monitored? The camera, the microphone is secretly activated
In order to achieve a zero-screen full screen, vivo NEX designed a lift-type front camera. When the user needs to take a self-timer, the camera can automatically pop up from the body. Soon after the phone was released, some netizens wrote a paragraph saying that when using the mobile phone Clearly, there is no self-portrait, the camera will rise to look at you, and then retracted silently. I thought it was a mobile phone failure, and later found that some apps with camera permissions, sneaked up and closed without the user's knowledge. .
Therefore, vivo NEX suddenly became the identification artifact of rogue APP.
When everyone thought that this was just a piece of time, QQ browser gave a formal response saying that 'the test found that there is indeed a camera action, but this action will not open the camera, and will not shoot or record.'
And the QQ browser also explains the reasons for this problem and the technical principles, and promises not to collect any user privacy.
Vivo customer service reply "Southern Metropolis Daily" said that this is because the software has opened the permission to call the camera, the software can call the camera permission to close. 'vivo attaches great importance to user privacy and information security, our system will be optimized from time to time and A software pop-up reminder with this behavior. '
Afterwards, Vivo NEX upgraded the system and upgraded it to version 1.15.4. It reminded that the third-party application's decision logic for invoking the camera was enhanced. This enhanced the pop-up window to the user and authorized the secondary confirmation when there was a potential unknown invocation behavior. .
At the same time, it also optimizes the decision logic for the third-party application to call the microphone, and increases the authorization for the second confirmation by flashing the status bar to alert the user when there is a potential unknown invocation behavior.
Figure 1: Vivo NEX system upgrade optimization reminder
After the system was upgraded, when users used Baidu input method, they found that in the notification bar, a message “Baidu input method has been recorded in the background” popped up, and informed that the user could change the permissions management in the settings.
Figure 2: Baidu input method has been recording in the background
Netease Technology has tested this. The 'Baidu Input Method' microphone permission downloaded from the vivo application store is turned off by default, but the Baidu input method has voice input function. If you want to use this function, you need to enable the microphone permission. Once enabled, When the user searches in the browser and enters the URL, the system will remind the microphone to automatically turn on the recording state even if the user does not press the 'microphone button'.
Figure 3: Netease technology measured Baidu input method recording screenshot
In this regard, Baidu said that Baidu's input method will not record without the user's consent, and will not collect privacy by any means. After starting the self-examination, the preliminary reason for the phenomenon is that the input method The optimization of voice microphone preheating is done to speed up the voice activation speed and solve the problem of speech recognition and word loss caused by previous user feedback. This optimization strategy will take effect when the scened voice bar and voice panel are displayed. This optimization will make The system believes that recording has started, but Baidu input method has not been recorded.
Figure 4: Baidu input method response
'Although this problem is not serious, but it exposes the privacy concerns of Android phones. Before the QQ browser calls the camera, there is Baidu input method to call the microphone. Android privacy and permission abuse issues have been erupted. ' Industry experts said.
Frequent privacy issues Who will protect user information?
In fact, as early as 2016, the National Internet Information Office issued the “Regulations on the Management of Mobile Internet Application Information Services”, which clearly stipulates that the user’s right to know and choose in the process of installing or using the APP is guaranteed in accordance with the law. The user expressly and with the consent of the user, may not open the collection of geographical locations, read the address book, use the camera, enable recording and other functions, do not open the functions that are not related to the service, and do not bundle the installation of unrelated applications.
However, Tencent Social Research Center and DCCI Internet Data Center jointly released the "2017 Online Privacy Security and Cyber Fraud Behavior Analysis Report". The report shows that 8.5% of Android mobile apps still have user privacy rights and become the key to personal information disclosure. It is believed that application software is still the most important and important part of personal information disclosure.
Therefore, experts remind users to choose a formal channel when downloading the APP. OPPO Shen Yiren said in an interview with the media that the OPPO software store application is manually audited and will do all the technical and manual means to protect user privacy.
In addition, for APP usage rights, users should also be cautiously authorized. Once they find that they are over-authorized, they can be turned off in the rights management.