3 Sins of mobile gaming business to steal users ' privacy by using an Android system

Intercept SP billing information, steal user privacy, pack party rampage Zhao Nan with the open source and openness of the Android (Android) system and its application market, some mobile phone game operators "paralyze" users by means of technology, repeatedly absorbing fees and getting bad returns. "2012 China Game Industry Survey report" showed that last year, China Mobile [micro-blog] game users up to 89 million people, an increase of 73.7%, mobile gaming market sales revenue reached 3.24 billion yuan, an increase of 90.6%. Another data show that up to the end of 2012, the domestic Android phone holdings of 180 million. According to 91 wireless data reports, from the fourth quarter of 2011 to the first quarter of 2012, mobile game application download accounted for the total download volume of 30%. With the increase in application volume, mobile phone game application suction fee chaos. "The first financial daily" reporter survey found that some of the game operators on the Androping platform, through interception fee information, theft of user privacy, the implantation of malicious ads to build bad profiteering chain, many mobile game users often fooled. Interception fee information reporter through a number of mobile game users of the survey found that users often because of the game in the application fee, not receive the operator's deduction of SMS, and mistakenly think is not paid success, so many clicks to pay. And some game operators, it is also the use of users of this mentality, interception operators of the deduction of SMS, suspected infringement of the user's right to know, causing users to pay many times. According to the reporter survey, the domestic mobile games platform games, the production of the "Ultimate Hurricane 3D Drift", "3D Ultimate Hurricane 2 (HD edition)", "The Battle of the Farm 2 (New Year edition)" are suspected of intercepting the operator of the SMS Code of the behavior of the charges. Reporters in the games on the official platform to download the installation of some of the above Android games to Android mobile phone, in the text of the message contains "China Mobile" keyword, the message will be "abandoned", unable to charge. In addition, the above game, the small Austrian side is also suspected to intercept with "game points" and other keywords. Under normal circumstances, in the above game to buy game props, users will receive the following message content: "[x:x (such as: 10:30)]" China Mobile reminded you have successfully purchased the game: XXX (game name), prop name: xxx (such as: 20 gold coins), the consumption of game points xx point. Game points Recharge situation please pay attention to 10086 of the reminder message, more wonderful games in g.10086.cn mobile phone games. That is to say, "China Mobile", "game points", are the key words to intercept the above message content. An industry personage who declined to be named said that the above practice of the Games would also lead to users being shielded from other SP business (mobile value-added services) on Android handsets equipped with the games. The reporter many times to the small Olympic Games to understand about the above incident motivation and fact explanation, as of press, have not received a response. The industry said that, because the current mobile payment of the industrial environment is not sound, some Android application of the game operators paid by the SP generationThe way of deduction is understandable, but with the openness of Android system, change the underlying data to intercept the deduction of SMS, deprive users of the right to know, the industrial environment is greatly damaged. Theft of user privacy without notice to users, through the cloud technology to control the privacy of mobile phone users, in the Android game application market also occurs frequently. According to the reporter investigation, obtains "the Angry Bird", "the Fruit Ninja" and so on Variety international popular mobile phone game in China the only authorized agent game Operation company Fun game, its official website amuse the game web site to provide 59 type of Android game, except "The Gravity kid" cannot download, The remaining 58 games have 44 of the theft of user privacy behavior, including the more well-known "Fruit Ninja", "Bird blasting", "chicken forward." This reporter to the fun game agent operation of the "Red Police: the World Federation" and "Red Police (official Chinese version)" Two games were investigated. The above game without notifying users, the collection of user privacy includes: Upload the local mobile phone number, upload Google Gmail account, upload machine ID, screen resolution, the installation of the application list, this machine all contact names and telephone and e-mail address, receive cloud instructions to download other applications, Upload Fun Game Center login name, upload current location information. Among them, upload all contact person name and telephone and email address, receive cloud instruction to download other application behavior is worse. This reporter kept the relevant evidence. Reporters from a number of industry insiders learned that without the consent of the user agreement, the phenomenon of access to user privacy information is not uncommon, mainly to meet the application needs to obtain the basis of information to expand Services, but generally do not have all address lists and e-mail addresses for the call, and will not receive cloud instructions to download other applications. The latter approach may be to facilitate user data mining, to launch precision marketing, and secretly inject other applications to users to promote joint promotion, may be worse is the sale of user privacy data for his use. According to people familiar with the matter, the 2012 average monthly income of Le tease game is about 10 million yuan, in a weak profit, the main income from advertising. For the above situation, le tease aspect refuses to respond to this newspaper's interview request. "Packing party" rampant in the current various Android App Store, "packing party" phenomenon is also more popular. "Packaging Party" refers to the popular software in the implantation of malicious ads and viruses Trojan Horse, the use of consumers in hot pursuit of popular application of psychology, and ordinary people difficult to distinguish between genuine piracy, as well as the application of market security supervision ability, so that malicious ads and Trojan horse smoothly into the user's mobile phone. In the application of Innovation Workshop investment in the exchange, the reporter search the current more well-known mobile games "Temple Escape", the official version of a total of three, respectively, "Temple escape 1", "Temple Escape 2" and "Temple Escape: Courage." But the search results appear "Temple escape 3", download volume is also nearly 1000 times. Some industry insiders told reporters that such piracy applications are likely to carry malicious ads. This January, the "MDK Zombie network" incident was reported by the media, a mobile phone security person told reporters that through the MDK backdoor procedures, botnet controllers can at any time steal and upload user SMS content, personal photos and address books. In addition, quietly downloading a large number of software in the background, will also consume a lot of mobile traffic. A person engaged in security business told our correspondent that more and more PC Trojan hackers began to turn to mobile phone security damage, compared to PCs, mobile phone privacy and the user's behavior positioning more accurate, so there is more business interests to map. June 2012, the Ministry of Industry has issued "on the strengthening of mobile intelligent terminal access to the network management Notice" (draft), requiring mobile terminal manufacturers to apply for network permits, to the pre-installed application software and providers to explain, The production enterprise must not in the mobile terminal contain the malicious code and without the user consent to collect and modify the user's personal information, and may not preset without the user consent to transfer the terminal communication function, resulting in flow cost, cost loss and information leakage software. However, the draft was not formally implemented. There are people in the industry said that there is no good user protection measures, users in the strengthening of prevention, mobile phone application store operators should also strengthen their own safety standards, and the application of the store and security companies, through the application of the form of certification is also a model can be attempted.