Open the app of mobile phone (hereinafter referred to as app), input 18 social security numbers, names, 8-digit query passwords, login passwords, mobile phone numbers, and all your personal information may appear in other people’s computer background.
This is a scene that happened in CCTV’s “3.15” party. The host registered and inquired about social security through an app called “social security master”, simulating the whole process of personal information being intercepted remotely. Experts said that the social security query app implied a number of unreasonable terms, such as “you agree and authorize us to use your social security account password” and “simulate you to log on to the website to obtain your personal information”. But after users register, their personal information is sent to the website of a big data company, and all this happens without users’ knowledge.
It should be noted that apps like “compulsory claims” and illegal collection of personal information are not uncommon.
There is no telephone service, why do you need telephone permission?
2019 issued by national Internet Emergency Center According to the Internet security situation in the first half of this year, in the first half of this year, the national Internet Emergency Center obtained more than 1.03 million mobile Internet malicious programs through independent capture and manufacturer exchange. According to the malicious behavior statistics of malicious programs, the top three are respectively tariff consumption, rogue behavior and malicious deduction.
According to the monitoring and analysis of the national Internet Emergency Response Center, among the thousands of mobile apps with large downloads, each app applies for an average of 25 permissions, many of which are unrelated to the phone business, but apply for the right to make a call, accounting for more than 30%. In terms of personal privacy, each app collects an average of 20 pieces of personal information and equipment information, involving social, travel, recruitment, office, video and other aspects. In addition, a large number of apps have abnormal behaviors such as detecting other app information, reading and writing user device files.
The key to privacy
When the app collects the user’s privacy information across the border, the threat to the user’s personal information security cannot be underestimated. Therefore, consumers should enhance their security awareness, pay more attention to the right of claim of app, and treat every authorization requested by app prudently. But what are the risks behind different types of authorization? In this regard, the reporter did a simple summary.
If the app is authorized to read the location information, once the location information is used by lawbreakers, or property theft or even personal injury is caused; if the app is authorized to read the storage device permission, important documents and privacy photos may be leaked; if the app is authorized to read the phone permission, it may be viewed and modified call records, local number and device ID, app It is also possible to obtain the call status and the phone number being dialed, or even hang up the phone directly; if the app address book function permission is authorized, the app may read and modify the address book, so that the contact information may be disclosed; if the app SMS function permission is authorized, the app SMS may be sent, received, read and deleted, and the user’s verification code for bank transfer and website login may also be read, which is easy to cause property damage. If the access to camera and microphone is granted, when the user opens the camera, photo and recording functions of the device, the app may snoop on the user’s life privacy.
In a word, for mobile phone users, we must “long snack”, ensure the security of personal privacy information as much as possible, and then enjoy the convenience brought by app. Internet enterprises should realize that the “compulsory right of claim” without bottom line is not only against business ethics, but also against laws and regulations. They should ensure that the rights and functions of relevant applications are matched, and properly use these rights to avoid harming the rights and interests of users.
Nearly 8000 pieces of reported information, more than 100 enterprises need to rectify
Some websites and apps force the right of claim, over claim and over range collection of personal information. Some apps even ask users for more than 70 rights. Once rejected, the whole app will not be available. Some software developers’ outrageous behavior arouses the dissatisfaction of users, and also arouses the attention of relevant departments.
Recently, the “2019 cyber security Expo” held under the guidance of the central cyber information office shows the results of the special governance work of APP personal information protection carried out by four departments including the central cyber information office from January to September this year, including the evaluation and handling of the illegal use of personal information of nearly 600 apps.
Yang Chunyan, the first level inspector and deputy director of the cybersecurity Bureau of the central cyberspace office, mentioned that the central cyberspace office has drafted the “App” for the data security issues such as the current App compulsory authorization, excessive claim of rights, excessive collection of personal information and illegal use of personal information A series of system documents, such as the identification method of illegal collection and use of personal information, the national standard basic specification for mobile Internet application (APP) collection of personal information (Draft), etc.
In addition, Yang Chunyan said that since January this year, the central network information office, the Ministry of industry and information technology, the Ministry of public security and the General Administration of market supervision have jointly carried out a series of comprehensive governance activities: guiding the establishment of a special governance working group for app; developing a reporting platform and establishing a special governance working group for app Up to now, nearly 8000 reports have been received for illegal collection and use of personal information, of which real name reports account for nearly 1 / 3; more than 400 apps with large amount of downloads and common use by users have been included in the evaluation, and more than 100 apps have been sent to The operation enterprise sent the rectification proposal letter, and the problems found in the evaluation were rectified and implemented. In addition, through wechat, website and other channels, the publicity and popularization efforts were increased, and the typical app illegal personal information collection behaviors were exposed in cooperation with CCTV “3.15” evening party. The purpose is to promote the app operation enterprise to speed up the rectification.
“At present, this work is still being pushed forward. We will continue to improve relevant document standards, strengthen governance, and constantly improve the protection level of APP personal information.” Yang Chunyan said.