Getting a taxi, buying tickets, entertainment, socializing… Nowadays, almost all the activities you can think of can be easily achieved through various apps on your mobile phone. But all “gifts” have prices-behind the savage rush of the mobile Internet, our personal privacy also disappears. This article from the micro-channel public number: leopard change (ID: baobiannews) , Author: Pan Tao, Editor: Liu Yang , The head picture comes from: “Surveillance Capitalism: Smart Trap”
Obviously, I just want to choose a seat for the flight online, but the platform quietly disclosed your name and profile picture, so that strangers can have a chance to socialize with you.
A common browser, in addition to storage, actually needs to enable location and phone permissions, otherwise it will be forced to exit.
These are just open guns, and the more difficult thing to guard against is the dark arrows.
Some apps can keep track of your phone’s usage trajectory, exact location information, and even the photos in your phone’s photo album without your knowledge, but they can also modify or delete them in the background.
And this is actually agreed by you by default.
The application for permissions like dog skin plaster on the mobile phone APP has reached the point where it is flooded.
In such a complicated application for permissions, the address book permissions closely related to the user’s social circle have become one of the most common permissions.
Why do all apps want to access your address book?
1. 20 APPs, 17 of which want address book permissions
In order to solve the doubts, Leopard Change downloaded 20 more commonly used head apps, covering social, search, entertainment, travel and other fields, and conducted an evaluation to see how the app’s demand for address book permissions has flooded Degree.
From the permission management interface of the Android phone, it can be seen that among the 20 head apps tested, 17 of them involveWhen it comes to the address book permissions, most of them are just “read contacts”, but the 3 APPs such as Baidu Netdisk, Weibo, and WeChat take it a step further. Their address book permissions also include “new/modify/delete contacts”. .
In addition, among the 20 apps tested, only Baidu Netdisk’s permission application also included the item “read call history”.
Take Baidu Maps on the Android platform as an example.
Use a Huawei mobile phone to download Baidu Maps APP from its own application market, and enter the authorization management interface in the phone settings. You can see that Baidu Maps involves permissions in addition to the address book, including storage, phone calls, location information, cameras, etc. 10 permissions within.
But after entering “View all permissions” in the permission management page, you can also view more details of Baidu map usage permissions, such as reading the configuration information of the application market, retrieving running applications, and directingDownload files without displaying notifications, etc.
These subdivided users cannot be closed manually, they can only be turned on by default. In other words, once a permission is turned on, the more details contained under the permission are also defaulted.
However, when it comes to Apple phones, Baidu Maps is much more “faithful” in obtaining permissions.
On the iOS side, Baidu Maps has only 5 permissions in total-location, microphone, Siri search, notifications, and wireless data. It does not include the address book permissions, and all permissions can be manually turned on or off in the settings.
From the perspective of travel safety, in response to emergencies, travel apps need address book permissions are excusable, but the address book also appears in the Sogou input method permissions, then It seems a bit confusing.
Moreover, not only the address book, including access to the exact location information, taking photos and recording videos, etc., all appear within the authority of Sogou Input Method, and there is even a “request to delete a file package”.
Similarly, Sogou input method’s permission requirements on the iOS side have also been greatly reduced. Its permissions on Apple phones only include Siri and search, notifications, background APP refresh, wireless data, and keyboard.
In other words, On the two different platforms of Apple and Android, APP strives to avoid unnecessary permissions while advocating “bundling sales”. The more the better
Some Xiaomi mobile phone users told Leopard Change that they could not use the APP as long as any one of the permissions requested by the APP was not approved. However, on today’s Huawei and Apple mobile phones, even if the permission application of the APP is not approved, it can still be used normally.
Compared with the iOS side, the permission requirements of the APP on the Android side are not only complicated, but also arrogant. Most of the permission requirements are not due to the needs of providing services, but because of the small ninety-nine of the enterprise.
Under what circumstances does APP need to obtain the user’s address book?
This point is usually mentioned in the privacy policy of the APP, but in the face of long statements at every turn, how many users really have the patience to read it? The operators behind the major APPs also know this well.
Even on the iOS side, which is more rigorously reviewed, there are still times that make people feel uneasy.
” Douyin was not allowed to access my address book, but a former colleague was still found among people who may know.” An Apple mobile phone user worried that his address book had already been read by Douyin.
Some netizens also encountered a similar situation:
“I deleted my predecessor’s mobile phone number, Weibo, and WeChat account. Douyin’s address book was also forbidden. Later, I found my predecessor among recommended people who may know.”
Second, today’s headlines and pulses have been recruited
Although it is annoying and involves privacy leaks, objectively speaking, most people don’t care too much about the fact that APP accesses the address book.
However, there are also people who are willing to be more serious.
In 2018, Mr. Liu, a 31-year-old from Benxi, Liaoning, found out when he registered to use the Toutiao app that he had not authorized the app to read his mobile phone address book, but was recommended to the friend’s account in the address book. .
Later, Mr. Liu logged in the Toutiao app again on a mobile phone with a blank address book. This time, the account of his friend’s address book in the original phone was successfully recommended to him.
bySince social relations were read without authorization and privacy rights were violated, in February 2018, Mr. Liu filed a complaint against Beijing Bytedance Technology Co., Ltd., the operator of Toutiao’s APP, to court, requesting him to stop the infringement and pay compensation. Apologize and pay 1 yuan for spiritual damages.
Actually, ByteDance launched the sync address book function as early as September 2017. After the user installs the Toutiao app, without registering and logging in, they can see an interface in the app to “see which address book friends are using Toutiao”. Once the user clicks, his mobile phone address book will be read.
In addition to displaying the headline accounts of friends in the address book, on this page, some account names will be accompanied by the names stored in the newsletter, and even mobile phone numbers.
Not only that, but when users browse the information in the APP without registering and logging in, a prompt such as “Your friend XX is also using headlines” will appear.
However, these features have now been taken offline.
In addition to today’s headlines, banks with “big eyebrows and big eyes” have also done the illegal access to the user’s address book.
In September 2019, the Guangdong Provincial Public Security Department exposed Rizhao Bank, Xiangcai Securities, and Tongpay MPOS(Xingyifu’s APP) on roll call.
42 APPs such as span>, Weidai.com, etc. The problems involved include illegally reading user address book information.
It’s even more terrifying to dip into the Internet loan app.
Industry insiders have revealed to the media that the user downloaded the app of the online loan company, and when it was opened for the first time, once agreed to the “privacy access permission” pop-up window, the user’s address book, call history, text messages, photos and other information Will be obtained by online loan companies.
After getting this information, the online loan company can find your immediate family, collateral relatives, or friends through your address book. As long as the user is overdue, the online loan company can send the information to the past, making you fall into ” The crisis of social death.
No matter what, these address book information can still be sold to collection companies for two cents a piece.
Some time ago, due to the public opinion incident of an Internet company, Maimai succeeded in attracting a wave of eyeballs and earning some good impressions as a daily anonymous gathering of Internet people.
But in the matter of obtaining user address book informationAbove, Maimai has also been complained by users.
Three years ago, a user posted on Zhihu that Maimai promoted the APP through its own address book information.
The user said that he received Maimai’s pushes one after another, saying that a new friend had joined Maimai, and when he looked at the name, it turned out to be his two high school teachers.
What surprised this user even more was that he also received a promotional text message from his brother to join Maimai. And his brother joined Maimai because he received the same promotion message.
As of now, this article has received nearly 6000 likes. In 2021, there are still people who left a message below the article stating that they have never downloaded or registered Maimai, but have received similar text messages.
3. Abuse of authority, only for user portrait
Compared with secretly accessing users’ address book permissions, Pinduoduo’s behavior is a feat.
In January 2021, after the “Pinduoduo Girl Incident”, Pinduoduo staged another operation of remotely deleting photos from users’ albums, which made it into the hot search again.
A netizen said that after opening the Pinduoduo app at the time, he discovered the “Invite 1 person and directly withdraw 100 yuan” activity on the Pinduoduo app, and took a screenshot with his mobile phone.
Subsequently, the netizen invited a newcomer in accordance with the rules of the event, but at this time, he found that the “direct withdrawal of 100 yuan” in the rules of the Pinduoduo event had become a “random amount”, and it was impossible to withdraw less than 100 yuan.
The netizen looked for Pinduoduo’s customer service theory, and posted a screenshot of evidence, and wanted Pinduoduo to cash out 100 yuan according to the original rules. It didn’t take long for the netizen’s mobile phone to receive a prompt: “Pinduoduo has been detected as a deleted photo or video.” Upon inspection, it was discovered that the original screenshot in the phone’s albumThe picture has arrived in the recycle bin.
In response, Pinduoduo responded that deleting the photos may be caused by clearing the APP cache, and generously proposed economic compensation measures for a 30 yuan no-threshold voucher.
In fact, Pinduoduo storage permissions include “modify or delete the contents of the SD card”. This permission is extremely common in mobile apps. Except Pinduoduo, the other 19 apps tested this time also include this permission.
In addition to seeing such strange cases in hot searches, in fact, in daily life, everyone is also a victim of abuse of authority.
Many people have this kind of experience. When chatting with family or friends, they accidentally mentioned a certain item, and soon saw relevant recommendations on the e-commerce app-whether you have searched before or not .
The founder of 360 Group, Hongyi Zhou, said on a program earlier that some apps would secretly record or take pictures, and then send us favorite content.
Not only that, some users complained to Leopard Bian: “I searched for Apple’s laptop on the e-commerce website, and I quickly saw it in the information flow of Hupu.”
Previously, news broke on the Internet that users found a mobile phone with a retractable camera. When using the QQ browser, the camera would quietly stretch out and then retract it.
The QQ browser’s statement is that this is because the camera is triggered by obtaining the camera parameters, and the camera is not actually taken.
Phone calls, positioning, taking photos, recording… The authority of mobile apps has penetrated almost every aspect of daily life.
In such an era of big data, mastering information means mastering a gold mine. This has also caused APP to obtain more user information, which is no longer based on the necessity of services, but has become A business trend.
By continuously labeling users’ social relationships, daily habits, and consumer behavior, the final result is a user portrait of everyone.
Enterprises have user portraits, and all short videos and information streams can reach users in the most accurate way, instead of rounding corners and searching for their possible audiences.
Of course, it also includes ads customized for you.
Four. Conclusion
Li Yanhong publicly stated in 2018: “Chinese people are more open to privacy issues and relatively less sensitive. If they can trade privacy for convenience, security or efficiency. In many cases, they are willing Do this.”
Invisible, everyone is represented, but this is precisely the attitude of some Internet companies. The problem is not that you agree or disagree, but that people simply don’t give you the opportunity to choose.
Behind the savage rush of the mobile Internet, personal privacy has disappeared.
This situation is not unnoticed by the relevant departments.
In fact, the “Interim Provisions on the Presetting and Distribution Management of Mobile Smart Terminal Application Software” implemented on July 1, 2017 clearly stated that software must not call terminal functions that are not related to the Agree, the collection and use of personal information of users shall not be implemented.
At the end of 2019, the National Cyber Security Notification Center published the article “Public Security Organs Carrying out the Centralized Rectification of Illegal Collection of Personal Information by APPs”. The article stated that since November 2019, investigations and corrections of illegal and illegal APPs and Internet companies that operate have been carried out. Reached more than 100. It is precisely the phenomenon that APP collects personal information in violation of laws and regulations.
Big data crawling company executives were arrested and imprisoned, and several well-known big data companies were caught in a pot within a month, which is not news.
Today, similar regulations are still escalating.
On February 5, the Ministry of Industry and Information Technology notified 26 companies that had illegally called the microphone, address book, photo album and other authorized APP companies, and removed 10 apps that failed to rectify in time as required.
The unhealthy trend of abuse of authority should really be utterly utterly utterly uttered.
This article is from WeChat official account:Leopard change (ID: baobiannews)< span class = "text-remarks">, author: Pan Tao