Standardizing App behavior can also make “domestic cancer” applications fewer and fewer.

Editor’s note: This article comes from the WeChat public account “minority” (ID: sspaime), author: jijiali.

Last week, the Ministry of Industry and Information Technology issued a document called “Notice on the Quality of Telecommunication Services” (No. 1 in 2020), which reported on China’s telecommunications services in the fourth quarter of 2019 from three aspects: complaints from telecommunications users, telecommunications service supervision, and operation and consumption reminders. It is worth noting that this notice also covers the reporting of bad mobile phone applications.

Reporting of bad mobile apps. In the fourth quarter, the 12321 Report Acceptance Center received 15,585 reports of bad mobile phone applications, a decrease of 23.50% from the previous month. Through industry self-discipline, the 12321 Report Acceptance Center, together with the application store and security testing vendors, removed the 164 bad cell phone applications in question.

The 164 apps are not far from you. Since the National Internet Information Office issued a notice on “Approval Methods for Collecting and Using Personal Information in APPs” at the end of last year, the Ministry of Industry and Information Technology has notified many apps (the first and second batches) that involve “infringement of user rights and interests.” Among them are not only QQ, Sina Sports, Xiaomi Finance, Sohu News and others from big manufacturers; some well-known apps, such as Shunyi District Library, Zhimi back words and Ruixing Coffee, are also listed.

What many people may not know is that the many kinds of rogue App behavior that have poisoned the domestic Android ecosystem are actually being corrected gradually. The next time you encounter an obscure, hard-to-read app privacy agreement comparable to “Tianshu”, don’t rush to “agree”: those common personal information collection behaviors may be illegal.

What information collection activities are infringing?

Considering the initial issuance time of this requirement, the information collection behavior of most apps at that time may be non-compliant. The document of the Ministry of Industry and Information Technology (Xinguanhan) [2019] No. 337, “Notice of the Ministry of Industry and Information Technology on Carrying out the Special Remediation Work of APP Infringement of User Rights and Interests” (hereinafter referred to as the “Notice”), clearly divides “infringement of user rights and interests” into 4 aspects and 8 types of problems:

Illegal collection of user personal information

Illegal collection of user personal information mainly includes “private collection of personal information” and “over-range collection of personal information”. Here, the Notice clearly lists the address book, location, ID card, face and so on as the user’s personal information, and the App needs to clearly inform the user of the purpose, method and scope when using personal information.

In addition, information that is “not necessary for the service or has no reasonable application scenario” is to be clearly defined as use of the user’s personal information beyond the scope.

Illegal use of user personal information

The illegal use of user personal information is mainly reflected in two categories: privately sharing user personal information with third parties, and forcing users to use the targeted push function. Here, the Notice further clarifies that device identification information, product browsing records, search and usage habits, and the list of commonly used software applications all belong to the user’s personal information.

For example, sharing user data with other applications through read and write permissions on public storage space, the behavior mentioned in the introduction of storage redirection tools, is illegal use of personal information. In addition, the Notice also requires that the app provide an option to “turn off this feature” (targeted push or precision marketing), which is commonly known as “turn off personalized advertising push”.

Unreasonable request for user permissions

On the issue of “unreasonable request for user permissions”, three common types of rogue behavior, namely refusing to work unless permission is granted, frequently applying for permissions, and excessively requesting permissions, have become the main remediation content of this Notice. Requesting permissions that are not related to the core functions of the application (such as a camera application requesting phone permissions), and frequently applying for permissions after the user has explicitly refused, are both within the scope of remediation. As for specific permissions, the address book, location, SMS, recording and camera permissions are the focus.

Set up barriers for user account logout

This is mainly reflected in the difficulty of account cancellation. In layman’s terms, the App does not provide a logout service or puts obstacles in the way of logging out.

Okay, at this point we can briefly sort out what information “infringement of user rights” covers; see the following figure for details.

“Infringement of user rights” involves information

Standardized app behavior has gradually become the “new normal”

To a certain extent, the introduction of the above-mentioned “Notice” and regulations means that the regulation of domestic Android application permissions and information collection behavior now “has a law” to follow. As for implementation, how effective is this “Notice”?

After the Ministry of Industry and Information Technology’s two notification lists were released, I also did brief statistics and analysis on the 56 apps involved. The specific statistical analysis can be seen in the figure below.

Analysis of problem behavior

It is not difficult to see from the picture that, among the App violations rectified earlier, private collection of information, excessive requests for permissions, private sharing with third parties, and refusing to work unless permission is granted accounted for the larger share. As for specific applications, I did a simple comparison of the Apps mentioned in the notification lists and mainly found the following three changes.

Privacy policy is no longer “Tianshu”

Most of the privacy policies you have seen in the past are piled up with a large number of legal and professional terms. Over time, they naturally become a “Tianshu” that is “too long to read”, and you just mindlessly click agree.

Unfortunately, in various violations of information collection, these “privacy policies” that appear before opening the application or registering for the first time are often the key that opens the “Pandora’s Box”.

In the second batch of lists notified by the Ministry of Industry and Information Technology, Lagou Recruitment (see the second batch of lists) is on the list for “Privately Collecting Personal Information”. Through the Application Treasure channel, at present (referring to the version downloaded during the test, the same below) we can see that Lagou Recruitment has been upgraded from v7.31.0 at the time of notification to v7.33.0, and the latest version of the privacy policy was updated on January 8, 2020.

In the new privacy policy document, Lagou Recruitment lists the purposes for which user information is used, and the authorization of third parties is also stated accordingly. Frankly speaking, a recruitment app requests and uses personal information particularly frequently, so a clear and concise privacy policy is naturally very important to users.

Is it more readable after the rectification?

In addition to Lagou recruitment, the same list of QQ readers, Sohu news, interface news and second