How an app “reads” and “uses” your personal information

Xie Qing, an undergraduate at Lanzhou University, had never noticed that many of the Android apps installed on his phone came with terms that were agreed to by default at installation. Then the game Where's My Water? told him that he must allow the software to “read the address book and logs”, “modify/delete the contents of the SD card and USB storage”, and even “read phone status and ID”. The game Fruit Ninja, which needs only a finger swiped across the screen, required reading his phone's “general (network-based) or precise (GPS) location”.

These options are agreed to by default and cannot be changed; Xie Qing could either accept the terms and conditions or give up the game. He quickly clicked “agree”. What he did not know is that these applications can then scan the information on his phone and upload it to cloud servers on the Internet. That is the meaning of “read”.

Edison at least knew that his private photos leaked from a disk sent for repair. If private photos of a “Xie Qing” appear on the Internet in the future, he will probably not know where they came from. Even then he would be lucky; more unfortunate still is not knowing that his private photos are circulating on the Internet at all.

This is not the only thing people need to worry about.

A smartphone can tell others your location, who you spoke to on the phone and sent text messages to, your phone's factory number, what games you play and when you play them, what time you are around the office, whether you like Sichuan food, what news you search for, and which websites you have visited. From this leaked information, someone can judge whether you are “tall, rich and handsome”, your income level, and whether you are at home: if you are single and have just “checked in” at a restaurant in distant Xinjiang, that is basically enough to decide whether to “visit” your home now.

Your information is flowing, without your understanding, from the numerous apps on your phone to countless servers. App owners, app stores and some phone manufacturers are all becoming participants in this chain. Their notices are obscure and ambiguous; you do not know what they use this information for, and you do not know that their company may have only a few engineers and be unable to protect the security of your information.

Default clauses attached to free services, which have the nature of an “offer”, and data mining to develop new functions or find a profit model are understandable. But companies of at least a certain size, those with “universal” reach, should make corresponding promises about user data: that it will not be sold or leaked. For now, there is still some distance before effective measures to protect the privacy of users' personal information are in sight.

Vague disclosure, fragile protection

Li Tao, vice president of Qihoo 360, said the privacy-sensitive areas of a mobile phone are the phone number, address book, location, text messages and installed software. An insider at Tencent Wireless said most people do not know that “reading phone status” allows the software to see basic information about the phone, for example the operator network in use and what software is installed on the phone.

“Read phone ID” means uploading the phone's unique ID code, the IMEI (International Mobile Equipment Identity, a global identification code that is never repeated between phones), which can be used to identify and track mobile devices. The identification code is often used by apps to settle promotion fees with distribution channels. If you are using an Apple phone, the Apple account or password used for payment may be scanned. “Retrieve running applications” involves the usage of those apps. “This app has many users and downloads; both its own data and other apps' data are very valuable. The data can be shown to VCs when talking about funding, and it can be sold to others,” the Tencent Wireless insider said.

In this test of the 40 most commonly used apps across various app stores, 97.44% of the software required “reading phone status and ID”. Apps requiring the user to allow “general (network-based) and precise (GPS) location” accounted for 69.23%.
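The kind of permission survey described above can be reproduced from app manifests. The following is an added example, not code from the article or from any company it names; the mapping from the article's permission labels to Android permission constants and the sample manifests are assumptions constructed here, and each AndroidManifest.xml is assumed to have been decoded to text XML already (for instance with apktool).

```python
import xml.etree.ElementTree as ET
from collections import Counter

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permission constant -> label as quoted in the article.
ARTICLE_PERMS = {
    "android.permission.READ_PHONE_STATE": "read phone status and ID (IMEI)",
    "android.permission.ACCESS_COARSE_LOCATION": "general (network-based) location",
    "android.permission.ACCESS_FINE_LOCATION": "precise (GPS) location",
    "android.permission.READ_CONTACTS": "read address book",
    "android.permission.READ_LOGS": "read logs",
    "android.permission.WRITE_EXTERNAL_STORAGE": "modify/delete SD card contents",
    "android.permission.GET_TASKS": "retrieve running applications",
}

def requested_permissions(manifest_xml):
    """Return the set of permissions declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifests):
    """manifests: {app: xml}. Returns (flagged labels per app, % of apps per permission)."""
    per_app, counts = {}, Counter()
    for app, xml in manifests.items():
        hits = sorted(p for p in requested_permissions(xml) if p in ARTICLE_PERMS)
        per_app[app] = [ARTICLE_PERMS[p] for p in hits]
        counts.update(hits)
    share = {p: round(100 * n / len(manifests), 2) for p, n in counts.items()}
    return per_app, share

def _manifest(*perms):
    """Build a constructed sample manifest declaring the given permissions."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.sample">{uses}<application/></manifest>')

# Constructed sample data, not the apps tested in the article.
SAMPLES = {
    "puzzle_game": _manifest("INTERNET", "READ_PHONE_STATE", "ACCESS_FINE_LOCATION", "READ_LOGS"),
    "wallpaper": _manifest("INTERNET", "READ_PHONE_STATE", "ACCESS_COARSE_LOCATION"),
    "flashlight": _manifest("CAMERA"),
}

if __name__ == "__main__":
    per_app, share = audit(SAMPLES)
    for app, labels in per_app.items():
        print(f"{app}: {labels or 'none of the listed permissions'}")
```

When the manifests come from untrusted APKs, parse them with a hardened XML parser such as defusedxml, since the standard-library parser does not limit entity expansion.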

In March 2012 the China Software Testing Center, which is directly affiliated to the ministry, released an evaluation report on personal information security in Android mobile phone software. Liu Tao, deputy director of the China Software Testing Center, told the Economic Observer that of all the types of personal information leaked, IMEI number leakage is the most serious, followed by phone numbers, then geographical location, SIM card serial numbers and others. The IMEI number and phone number are the “personal information” that receiving parties focus on most, and most software sends personal information externally without giving the user a corresponding prompt.

Of course, this is not to say that an app may not read information only weakly related to its own function. But should that reading be something the user must accept by default? Can the user have a choice? Companies also only notify users before installation, and do not make clear to the user how the data will be used or how personal privacy will be protected.

In fact, users do not refuse to give up some personal information in return for a free game, and there is no problem with an app collecting, analysing and using this information. The key issue is how to put users at ease that this data will not be leaked, especially to third parties they do not know about… or even Nth parties.

Users taken for fools

On questions “about the use and protection of personal information”, the answers from app customer service are rather disappointing.

One kind of answer is the “imposed function” type. Meilishuo customer service said the company “needs” to read the address book because it wants to see which of your friends are using Meilishuo, and that “Android applications are like this! If you want to provide users with a function, you authorize from the start, unlike Apple, which authorizes at the time of use.” It added innocently, “There is no way around this!”

Another kind of answer is the “illogical” type. Asked why 91 Desktop obtains user address information, for example, its customer service said that 91 Desktop uses user location information in order to make its recommended wallpapers and applications better match user requirements. Are desktop wallpapers associated with location? On data security, 91 customer service simply put the question off with “we do not read user data illegally; as for problems such as leaks, I can't answer here”.

There is also the “muddle through” type. Customer service at 10032, faced with the question of why Picture Show “reads contact data, sensitive log data and location information”, said that this is so the program can be used normally, and that it will comply with its obligation under the user agreement to protect the data and prevent leakage.

Gaode Map staff explained the request for the “text” function module this way: “We will pass this on to the technology department, but there are no such measures. Gaode software is legitimate and does not steal your personal information.” On how to protect user information from being leaked, Gaode's answer could only be “this requires trusting each other”.

Momo also belongs to this category. Wen Yajuan, the company's public relations manager, seemed very confident about how user information is handled, saying that the user data the company reads and saves on its servers is encrypted. “Photos, audio and video that users produce while using the product are also backed up periodically and stored encrypted.”

These companies are a very small part of those contacted in the survey. Most companies' answers were even more vague, and some refused to answer such questions at all. Most app vendors will not go out of their way to remind you that their company actually has only dozens or hundreds of people, that its servers are hosted in someone else's IDC room, and that, because it is not yet profitable, it really has no energy to invest much in protecting data.

Your privacy is very valuable

Reasonable use of user information serves the continued development of software functions: geographical location can be used for navigation and positioning, access to user photos can be used to set an avatar, and so on. But the larger “value” lies in commercialization.

User address books can be sold and used for targeted advertising, such as spam messages, harassing phone calls and even fraud. Although the Economic Observer cannot prove that all spam messages come from phone numbers taken by apps, the number of spam messages has grown explosively during these two years of smartphone growth.

Zhao-hua Lu, an expert at Tencent's mobile security laboratory, told the Economic Observer that in 2012 Tencent Mobile Phone Housekeeper alone received a total of 304 million active user reports of spam messages, with advertising spam accounting for 79.1% of all types of spam messages. As of December 2012, Tencent Mobile Phone Housekeeper had detected 467,000 packages containing malicious ads, accounting for 13.31% of all packages found, mainly sales promotion, real estate marketing and online business. Fraud spam accounted for 10.8%, mainly in three categories: usury, banned items and business degrees.

The address-book business model is the simplest: the data is packaged and sold, hundreds of thousands of entries to a pack. This “industrial chain” is also the most unobstructed. Online, a book of “boss contacts” for a given city or industry is priced at 180 yuan to 320 yuan, negotiable.

In addition, Zhao-hua Lu said that in 2012 privacy-stealing viruses could take control of user privacy, accounts and other key private data in every direction. Once users are hit by this kind of virus they often do not know it, while everything from the IMEI number to phone contacts, SMS and geographical position is stolen. He estimates that in 2013, given the value of private information, privacy-stealing viruses will sweep through mobile phones even more wildly.

However, wireless Internet application developers are also quite helpless. Apart from some mobile game companies that make money, purely functional apps rarely do. They survive on various forms of advertising: popup windows, spam messages, recommended software installs for which promotion fees are settled by IMEI number, and so on.

“With cloud storage, companies that provide cloud services, such as Tencent, Baidu and Qihoo 360, should in theory only store the content and not browse it, but in fact they entirely can (review it),” said Ji Aimin, an authority on domestic personal information legislation.

Smartphones are a prominent area for leaks of private personal information. But if mobile phones can be tampered with by so many parties, one reason is that apps are not the only ones “playing”.

An app generally has two kinds of marketing channels: app stores and mobile phone manufacturers. At present app stores of all sorts are not profitable either, and their revenue comes mainly from app promotion fees. Many people believe that downloading applications from an app store is safe, but even the famous app stores only check whether an app hides a virus; they do not ask about apps uploading users' private information.

Phone makers are simpler still: apps to be promoted are built into the phone before it leaves the factory, at a built-in price of about 1 yuan, sometimes higher. In this case the app skips even “inform” and “allow”.

An app dares to do this because the user has signed an “agreement”. These agreements disregard whether you need the function, but if you do not sign, you cannot use the app.

Lei Jun, founder and CEO of Xiaomi Technology, thinks that “an app scanning information irrelevant to the software's own function really shouldn't happen.” Zhou of Qihoo 360 acknowledged that this is a kind of “overlord clause”.

Legal blank

A powerful “excuse” that Android apps give for collecting user information is that “the whole industry is like this”.

There is not much national regulatory policy. On December 28, 2012, the 30th session of the Standing Committee of the 11th National People's Congress passed the “Decision of the Standing Committee of the National People's Congress on Strengthening Network Information Protection”.

Ji Aimin, an authority on domestic personal information legislation, also believes the “Decision” is not “forceful” enough and thinks the matter should be raised to the legislative level: “At present almost all software has the ability to collect personal information wantonly. There should be a legal system that makes those who in fact can run amok unable to run amok, so that software that can in fact collect personal information without limit does not collect it that way. That relies on legislation. But we regret that we don't have the legislation now.” Ji Aimin said the “Decision” is not professional and lacks operability; several issues, such as the reading of private information, are not covered at all, and it is abstract, with too few provisions that are too principled and broad.

Of course, legislation does not happen in a day or two. Before that, should regulators set the rules?

Ji Aimin thinks “if you don't agree, you can't use my software” is a no-trade clause: users can only select the default, namely “shame” by default. The ministry and the State Administration for Industry and Commerce should act to change this situation.

Mr Ouyang Wu, deputy director of the information security coordination department of the Ministry of Industry and Information, refused to be interviewed.

Zhong-mei, dean of the school of the National People's Congress, Hubei economy, also recommended during the two sessions that, given the low level of trust in cyberspace, it is very necessary to strengthen the construction of China's network identity information security management system, to strengthen the protection of citizens' privacy and respect for citizens' right to know, and to develop a network-based identity information management system grounded in respect for citizens' rights.