The development of the Android ecological circle deformity
The need for standardized management
China to introduce norms and laws
It times reporter Li Dong Jun Junhui
Chengye, Xiao. As an advantage of Android platform, openness attracts users, developers, ad alliances, even SP and CP companies, and aims at this hot spot. But behind the opening, the seemingly massive boom of the Android ecosystem is littered with elephants. No clear industry rules, no relevant departments of the supervision of the Android Market, apps abuse of authority, private collection of user privacy, spam messages flooded, malicious plug-ins deducted charges and other problems frequently occurred.
The mobile Internet is in dire need of authoritative industry rules compared to managing the already relatively regulated internet, so who is going to license the mobile Internet?
Users ' troubles
Unsolicited spam messages and ad bombs windows
"In the Jifeng online under several software, installed, mobile phone status bar frequently pop-up advertising window, and constantly received a variety of spam ads SMS." This kind of advertisement window several day, even see QQ message status bar are blocked. And these ads how to press clear is useless, must click to watch. ”
"Low-key" netizens to the "it times" reporter said, helpless, he decided to apply all uninstall the "real Killer", "in accordance with the installation sequence of an uninstall, the last found is a pirate" demolition bird ", it unloaded after the quiet. ”
Unlike the "low-key", Wang, an Android development engineer, has taken a more thorough approach. "I am now using a revised system, in the software installation and use of the process will have permission to confirm the reminder, I have almost chosen ' no '." "Wang said to reporters, peacetime in the use of the process, he will be such as network data, text messages, address books and other permissions are all disabled, to avoid some of the app unauthorized access."
However, the high-end mobile phone user groups like Wang only accounted for a very few parts, more ordinary users are still helpless for window ads and spam messages headache, at the same time, some malicious apps are increasingly unscrupulous. An Android developer told reporters that some apps can even call and SMS from the background in a locked state, "the user is unaware." ”
Android Biosphere Chaos
Chaos like one: All the way the men stir up trouble
"Advertisers and advertising platforms collect personal information privately, which has become the industry's default rule, and these user information is typically handled in two different ways." One is to 1 number 1 cents to sell the price of the bulk SMS platform and other channels, can be immediately set up now, if not anxious to set up, advertisers and platforms can be this information to do data analysis and SMS push, through the message channel to send users advertising information, to achieve more accurate advertising. "An anonymous industry insider told reporters. The claim was confirmed by Chino, the founder of the Android bus. And an advertiser said to reporters, "through the message channel to push advertising cost is 5 cents/article, but recently the wind is relatively tight, to start strict, the collection of user information in these business circles have stopped doing, everyone in the limelight." ”
Compared with the dark deduction app maker, advertisers have a little bit of a different approach. "Advertising margins are relatively low, but to join the ' SP Dark Buckle code ' to do the app, quick words can be back this week, the income is easy." You package the plugin into the app, you can use the SMS push or the network Alliance platform to promote these apps, will soon be able to start the volume, good words can download to tens of thousands of per day. "An industry person engaged in SP Business told reporters, do SP dark buckle business is discriminating business, and built-in deduction can use change the signature of the way around the mobile phone security software."
Not only advertisers and SP in the waves, even the third party market, is a mixed bag, many platforms have also been involved in this interest chain, and even some of the platform directly by the manufacturers to develop. N Multi-Net founder Chen Yu to reporters, some third-party platforms also collude with it, became a dark deduction app landing platform.
"At present, some third-party platforms are developers and SP Enterprises deliberately developed, individuals without the company behind the support, access and promotion costs are not able to bear." In addition, Chen Yu said, building a third-party platform itself is not technically difficult, resulting in a lot of informal platform of pirated software and malicious app flooding. According to an industry personage to "it Times" reporter, some third-party channels to promote the "secret button app" cost of about 1.5 yuan, and this can also have kickbacks, and even false data.
Chaos Two: app Rights Management abused
While in the free mode of domestic Android software, Android developers inevitably have to earn cost and profit through advertising, advertisers also like the precise mode of delivery. But in the unregulated market environment, the "Developer SP Business/advertising third party platform," an Android platform for the survival of the ecological chain, but is gradually moving to a different path.
Overly-requested app permissions
Many users in the installation of some apps will find that, such as a gourmet app, perhaps in addition to the request to know your location information, but also put forward "can read/remove SD card", "can read all Address book" and other unrelated requirements, do not agree, you can not continue to install. So, does the handset still belong to oneself?
The Android Engineer "Dante is not calm" (net name) said that at present from the technical means to enable users to choose the installation authority, is entirely feasible. "Google provides the native Android does not provide the ability to turn off permissions, but these needs can be achieved through Third-party software, some security software built-in rights management functions, users can control the software network, SMS, call permissions." These are not complicated for developers who specialize in permissions, that is, a few lines of code. ”
Unfortunately, the "excessive demand for permission" phenomenon in the app is already flooded. An industry personage pointed out that in the app market, many advertisers, advertising alliances, developers are abusing the right to collect privacy information, and even some SP business companies to use relevant permissions left behind the backdoor, through the background plug-ins for malicious deduction fees and other acts, this has become an Android advertising platform deformity status quo. But the relative lag of security software, which makes users a bit confused.
"Security software can be added to the virus library and scanned on the phone after it has collected a virus sample." But now the virus and plug-in production before the release will use the mainstream security software first scan, if detected, as long as the replacement of the signature program can avoid killing. "Jinshan Network anti-virus engineer Tiejun to reporters, anti-virus software has a certain limitations, in the virus out before it can be identified and kill, the mobile phone is the same."
Authority issues caused by Google and other attention
Fortunately, the abuse of the app is becoming more and more important. According to industry insiders, at present, like 360 mobile phone guards, lbe security guru, mobile phone poison PA, etc. already have the corresponding rights management functions, users can be targeted to close off the app part of the permissions, and some systems already can do in app application installation and operation process, Selectively authorize the actual needs.
"Google's new 4.2 system, which integrates detailed permission display information when installing apps, has never been in the previous version." It displays the sensitive permissions that users need to install the software, such as networking, GPS permissions will be detailed according to the classification, so that users choose their own. For example, a game requires SMS permissions, which means that there is a fee deduction information, users can refuse to install the game. "Deep OS Android development engineer Chen revealed that Google has gradually begun to pay attention to the security of authority, and the requirements will be more and more high."
But let the user independently carry on the authority management, still have not small difficulty. Tiejun said that although the market has the analysis of the rights of the third party software, can be selective to close, but this demand for users is relatively high, "only to the Android system more understanding of high-end users to determine whether the permissions should be closed, ordinary users are difficult to distinguish." In the long run, it is important for the state departments to make clear the rules, so that the market norms healthy and orderly development. ”
The Stone of his mountain
Overseas Android Market polarization user security Awareness strong
The privacy of domestic Android users relies entirely on third-party security software and developers, platform self-discipline, but this and Android platform is intertwined, the huge ecological circle of the chain, compared to only a drop in the bucket. So what about the situation abroad?
Equally chaotic GooglePlay
"At present, more than 80% of foreign users download and install the app is based on the GooglePlay market, but the googleplay market itself is in a laissez-faire state, which is full of a variety of pirated and garbage app." and its program payments are open, developers casually find a credit card, pay 20 dollars can be created in the GooglePlay account and upload applications. "Engaged in Android game overseas agent distribution business, East product West still Network Technology Co., Ltd. CEO powerful to reporters, GooglePlay policy is" first on-line, then review ", and the app is not strictly reviewed and screened, and the corresponding punishment measures are very slight," Only the application in the use of the user report, GooglePlay will choose to shut down the developer account, but after the closure of the account, developers pay 20 dollars will be able to create an account. ”
It is understood that the overseas Android Market, in addition to GooglePlay and other Third-party markets, there are telecommunications operators market (such as vcast), equipment manufacturers market (such as Htclife, Amazonappstore), SNS social market (such as gree, DNA, etc.) and other types of applications to download the market. While the googleplay is relatively confusing, there are also excellent application markets such as Verizon's VCast.
Foreign operators market relative norms
"VCast First review, then upload, it to the development and upload of the mandatory real-name and ESRB grading standards." Real-Name System refers to the developer must upload their own business license, personal developers upload ID information, and the account binding into the credit systems, once the account has bad records, it is very likely to continue to upload applications; ESRB refers to the mandatory grading of age by application and game content, For example, divided into PG-13, PG-15, PG-18 and other age application. "According to the powerful introduction, VCast to the application of audit and supervision is very strict, and in addition to these two mandatory provisions, there are intellectual property rights and privacy protection."
"VCast also uses ARM/DRM's copyright protection mechanism to embed a protective SDK in the app. That is, an app can only bind to a mobile phone, users can not use the app after downloading and payment, which prevents developers from piracy and Shanzhai. Through Apkloader piracy measures, users can download to the application in any application market, but this is only a shell, need to load the resource bundle before use. And the application needs of the resource package on the developer's server, only the program shell passed the verification, can then download the resource bundle. Such protection measures are used in the application markets of Vofonda and orange in Europe. "Powerful introduction.
In addition, vcast to the user's privacy policy is very strict. Each application of WiFi, SMS, machine ID, lbs and other permissions, before uploading are mandatory requirements for detailed explanations and explanations, only to explain the reasons for the requirements of the authority to pass the audit.
High awareness of consumer self-defense
In addition to the strict requirements and supervision of the application of the third party market, the security awareness of foreign consumers is quite high, which has also largely curbed the chaotic image of the foreign smartphone market from the source. "Foreign users of the application of the requirements of the protection of the awareness is very high, especially for the privilege of the text message is extremely sensitive." They will carefully review the explanations for each permission, and may refuse to install it even after the instructions have been read. "Strong in the mention of this topic, but also a bit helpless, because they are in the domestic game agent abroad, has failed to finish," then selected a game to test, because to be through the text message channel to pay, so the right to open the information requirements. Most users, however, saw the need for SMS privileges and chose to reject the installation directly. ”
Moreover, foreign countries are also increasing the regulation and rectification of the Android platform. Foreign media reported that August 23, 2012, the United States Department of Justice announced, through cooperation with the Netherlands, France, the legal regulatory authorities to seize three of the industry's most well-known, specialized in the download website for Android piracy, they are appbucket, Sappzmartket, Applanet. It is reported that although the three Web site's servers are mainly located outside the United States, but the United States Department of Justice through its server with the government authorities to find criminal evidence on the server, and finally successfully seized the three illegal websites. Foreign operators are also vigorously hit the suction fee app type of dark buckle behavior, according to powerful reflects, Israel and other Middle East region SP Dark deduction fee business is also emerging, but after rectification, their profits plummeted to 1/10 before.
Domestic dynamic
The ministry is about to set up an evaluation system
"The current regulation of the smartphone platform is still in the short-term sports management stage, rather primitive, the punishment is not big enough." And there is no corresponding law in China. "Telecom expert Chen Jinchao Frankly, the domestic for Android platform based smartphone market regulation is still quite imperfect, and increasingly serious problem," the black industry chain attached to the smartphone platform is more serious, and the chain of collaboration is increasingly close. These viruses, dark buckle are fixed on the mainstream mobile phone platform, the more popular, the easier The recruit. ”
On the PC Internet, the management of the Web site has been basically on the right track, the opening of the site to record, to provide some network services to the Communications Management Department to apply for ISP card or ICP certificate, these government regulatory measures to effectively solve the previous year on the internet, all kinds of yellow Web sites, rogue software rampant Are there any similar government regulations in the emerging mobile internet era? Is there a standard for app's requirements for permissions? Should third party platforms also be filed?
According to "It Times" reporter understand, the smartphone platform related management methods are ready to be. "The ministry is building a long-term evaluation system to evaluate and spot the smartphone applications, built-in software, and the relevant national laboratories and research institutes are involved." The second is to put the third party platform into the management, set up to record, run to supervise. And the platform itself is also required to operate, especially for individual application developers to be included in the management system, such as the real name certification. Chen Jinchao said to the IT Times reporter, in addition to the above technical monitoring, the future will also improve the record of audit and supervision of a variety of means, the entire platform into the overall, standardized management system, while service providers and content providers also need to increase their own inventory, the regulation of malicious app dark deduction fees and other phenomena.
These chaotic images have also attracted the attention of other government departments. "As early as last year, the Ministry of public consultation on the management of Mobile terminals, and currently led by the Ministry of work, the relevant major national ministries are involved in joint action, the relevant provisions and laws are being closely prepared." According to Chen Jinchao revealed that the current state departments want to specific legislation, and the corresponding text has been drafted, the future of the mobile Internet platform for standardized management.
In addition, Chen Jinchao also said that, relative to government departments and the regulation of the law, users have to strengthen the awareness of prevention, starting from their own. "Users in the use of the process to be cautious, in the face of permission requirements and other information, do not easily confirm." After all, the crackdown and reorganization in the back, or to personal prevention as (blog, Micro Bo) first. ”