After upgrading my phone’s operating system to Android 10, I noticed some apps’ “rogue” behavior.

Editor’s note: This article is from the WeChat public account “InfoQ” (ID: infoqchina), author Wan Jia.


One is Google. I love to go to Google Play to collect fun games. However, before downloading a game, I open the game video to see the effect. Click the video, open it with your mobile browser, and enter the game play page on the official YouTube website. Once the video starts playing, the page will remind you “YouTube requests to use your camera”.

I’m just watching a game video. Why would you call my camera? If the camera is called, your face or other information may be collected. I basically refuse every request. However, in retrospect, this behavior may have been performed “behind the scenes”, so permission is not required. If that’s the case, think of the terrible …

From the privacy protection of Android 10, let’s talk about privacy and security


Google on the left, Baidu on the right

The other is Baidu. Not long ago, I searched for a keyword in a mobile browser, and the page prompted “Baidu needs to obtain your geographic location”, with two options below: “Deny” and “Permit”.

I can’t figure it out. Search for a keyword, but also “get geographic location information”?

Permission management on the Android platform has long been criticized, and “permission rogues” are very active: for example, apps apply for permissions unrelated to their own functions, use those permissions to call system hardware resources (such as starting the camera or microphone), or even deny service unless permission is granted …

However, the release of Android 10 in 2019 will change this phenomenon.

It is reported that one of the main highlights of Android 10 is privacy protection, which is mainly reflected in two aspects:

One is the improvement of device identification. Android 10 removed IMEI. IMEI, the International Mobile Equipment Identification Number, commonly called the serial number of a mobile phone, is equivalent to the phone’s “identity card”. In a mobile phone network, each individual phone can be identified through its IMEI.

Given how important the IMEI is, it has become something countless apps want to get.

For a long time, many domestic apps demanded the phone permission at startup before they would launch. Put simply, refusing to run when the phone permission is denied is crude “rogue behavior”.

In Android 10, neither new apps nor old apps can get device identification information through the infamous phone permission. By restricting access to device identifiers, Android 10 can effectively protect device IDs and SIM card IDs.

Therefore, new apps developed for Android 10 cannot obtain the device identity. Old apps that refuse to adapt to Android 10 can still request the phone permission, but the device identification value they obtain is only null.

The second is the upgrade of location information protection. Android 10 adds a “background location permission”, a more granular mechanism for granting location permissions.


For example, when you open the weather app, you have three options when the location prompt appears:

  • Reject;

  • Always allow;

  • Allowed only during application use.

In general, the most appropriate option is “Allow only during application use”, which will protect your private information while meeting current needs. No one wants “I didn’t do anything, but you’re collecting my location.”

This more granular method of granting location permissions not only gives users greater freedom in the authorization of location information, but also to some extent curbs the standby power consumption problem caused by background positioning.
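
As an added illustration (not code from the original article), the Python script below audits an app's decoded AndroidManifest.xml against the two Android 10 changes described above: what the phone permission still yields, and whether the app can be granted “always allow” location. The sample manifest, the package name and the function name `audit_manifest` are constructed for this example, and it assumes the manifest carries a `uses-sdk` element.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical weather app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="29"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""


def audit_manifest(xml_text):
    """Return {short permission name: note} for privacy-relevant requests."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name", "") for e in root.iter("uses-permission")}
    sdk = root.find("uses-sdk")
    # Android treats a missing targetSdkVersion as a very old target.
    target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    has = lambda name: P + name in perms
    notes = {}

    if has("READ_PHONE_STATE"):
        # Android 10: the phone permission no longer exposes IMEI or SIM serial.
        notes["READ_PHONE_STATE"] = (
            "identifier calls throw SecurityException" if target >= 29
            else "identifier calls return null on Android 10")

    foreground = has("ACCESS_FINE_LOCATION") or has("ACCESS_COARSE_LOCATION")
    if has("ACCESS_BACKGROUND_LOCATION") or (foreground and target < 29):
        # Apps targeting API 28 or lower get background access added implicitly.
        notes["LOCATION"] = "user can be asked for 'always allow'"
    elif foreground:
        notes["LOCATION"] = "limited to 'only during application use'"

    for name in ("CAMERA", "RECORD_AUDIO"):
        if has(name):
            notes[name] = "check against the app's stated function"
    return notes


if __name__ == "__main__":
    for perm, note in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{perm}: {note}")
```
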

Undoubtedly, Android 10 offers users better privacy protection. However, in a broader context, we should now take the privacy and security of netizens seriously.

According to statistics from China Internet Network Information Center (CNNIC), as of June 2019, the number of mobile phone Internet users in China has reached 847 million, and the proportion of Internet users accessing the Internet through mobile phones has reached 99.1%.

With the development of mobile Internet and the constant popularization of smart phones, mobile Internet applications (apps) are widely used. According to statistics from the Ministry of Industry and Information Technology, in 2018, the total number of apps monitored on the Chinese market reached 4.49 million, and the cumulative number of distributions by third-party application stores exceeded 1.8 trillion.


The convenience, immediacy and inclusiveness of mobile Internet services are fully reflected in apps, and some apps have become “necessities” in the lives of the majority of Internet users. Apps have become an important entry point for online and offline data exchange. They take part in users’ work and daily life around the clock and collect a great deal of personal information, so their security issues cannot be ignored.

In fact, in 2019, the author observed two things: on the one hand, netizens’ awareness of privacy and security is increasing; on the other hand, there is “strong supervision” and “strict requirements” from the government and regulatory authorities. Driven by these two factors, personal privacy protection is entering a new stage.

At this new stage, many Internet companies have been criticized and exposed by the regulatory authorities for collecting personal information in violation of laws and regulations.

In July of this year, Guangdong’s public security organs continued their clean-up and rectification of apps that collect user information for the second quarter of 2019. A total of 1,048 apps were monitored and found to collect user information.

Among them, 42 apps, such as “Cool Dog Music”, “Yilong Travel”, and “100 Languages”, had security issues such as reading the user’s call history, SMS or MMS, collecting the user’s address book and the known accounts on user devices, and unauthorized use of user device microphones.

Koala Credit, which has been in the news recently, was investigated for violating citizens’ personal information. Koala Credit sold its query interface in violation of the rules and illegally cached citizens’ personal identity information for downstream companies to query for profit.

According to the police investigation, Koala Credit is suspected of illegally providing ID card re-inquiries more than 98 million times, with a profit of 38 million yuan.

This shows that personal information, illegally collected and used, has become a profit-making tool for some enterprises.

If you look at it at a more granular level, there are security issues in each of the six links of personal information handling: identification, tracking, user portraits, recommendations, decision-making and sharing.

Identification: at the 315 gala in 2019, CCTV exposed “probe boxes” that covertly collect personal information;

Tracking: the Meituan and Ele.me (“Are you hungry?”) “eavesdropping” incident;

Decision-making: “big data kills familiarity” (big-data price discrimination against existing customers).

Similarly, with regard to the management of personal privacy information, regulators will “strike hard” in 2019.

On January 25, 2019, four departments, the Central Cyberspace Office, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the General Administration of Market Regulation, jointly issued the “Announcement on the Special Governance of the Illegal Collection and Use of Personal Information by Apps”, which signaled that China’s governance of privacy at the app level has entered a new stage.

On the afternoon of November 4, the Information and Communications Administration of the Ministry of Industry and Information Technology organized a special meeting to launch a campaign to rectify app infringements of users’ rights and interests. It will focus on rectifying the collection of personal information in violation of regulations, the use of user information in violation of regulations, unreasonable requests for user permissions, and obstacles placed in the way of user account cancellation.

Of course, it is more important to have corresponding laws and regulations for protection. In this regard, the EU has long implemented the “GDPR” (General Data Protection Regulation) and has become a “first mover” in the protection of personal data. This law not only gives great protection to personal data, but also severely punishes companies that violate it.

On July 8, 2019, the UK Information Regulatory Authority issued a statement stating that British Airways was fined 183.9 million pounds (about 1.58 billion yuan) for violating the GDPR.

The most closely watched law in the U.S. is the California Consumer Privacy Act of 2018 (“CCPA”). It aims to fully protect the privacy of Californian consumers and enhance the security of personal information.

CCPA gives consumers five important rights:

  • The right to know the type of personal information collected;

  • The right to know whether the information that has been collected is disclosed and sold, and the objects of disclosure and sales;

  • The right to refuse to sell personal information;

  • The right to access their personal information;

  • Even if you exercise the above rights, you have the right to be provided with services and prices equally.

It is reported that CCPA will take effect on January 1, 2020. California is not only home to Silicon Valley, bringing together major tech companies such as Google, Facebook, Hewlett-Packard, Intel, Apple, Cisco, Nvidia, Oracle, and Tesla, but also has a significant impact on the US and even the global economy. Therefore, the implementation of CCPA will also have a huge impact.

In China, laws and regulations on the protection of personal privacy are also being promulgated, such as the Personal Information Protection Law and the Data Security Law, which are in the process of being developed.

As once reported in the news, a company in the United States priced one person’s information at $3,000. In China, the price may not be so high. Of course, whether the price is reasonable is not the point. What matters is that your personal information, including private information, is very important to everyone.

In terms of personal privacy information, the author is a firm “conservative.” Since you can’t know what other people or organizations collect your personal privacy information for, why not be careful?