Information leaked at CCTV 315 party was focused on exposure

After the CCTV exposure, the gold map, the public defender and so on to respond to this, said the survey used version is past, now the version has not been in the investigation of the problem expressed. The gold map also said that previously through the form of plaintext transmission and microblogging and other social platforms docking, and did not appear the user information disclosure.

The open source feature of the Android system allows the application to determine the startup mode and access to the device information, many of the user names and passwords are stored in plaintext, the risk of user information disclosure. How to use and not misuse user information is a long-term issue for future mobile developers.

Many companies have been exposed for collecting user information

The CCTV survey found that blue box technology companies can collect user information through the software. The software installed through the mobile phone can get the serial number of the user's mobile phone, geographical location, they will even induce users to fill in the phone number, upload avatar, after reading upload to the server in the background software can be seen.

The map provider, the map, was burst with the problem of transmitting the user's account and password through the location sharing service.

Later, the gold map responded that CCTV exposed the old version two years ago, was subject to the sharing of micro-blogging technology, the use of analog user login. Since the May, micro-Blog Change login mode, the map of the gold and then replaced the third party login and verification methods, is the map of the German version has been all resolved this issue.

Another public defender also responded to CCTV's investigation with an official response: "The internal investigation is the old 1.0 version a year ago." Since the release of 2.0 and Beyond last May, there are no reported related issues. ”

Public comment Software also responded that the operation on the Androping platform will not crawl the user's personal privacy, will only use some equipment information, in order to provide users with the corresponding services, such as the use of GPS positioning.

In addition to software development companies, some mobile internet advertising companies in the United States advertising, palm wide mobile and so on, through the mobile phone application software embedded in the SDK package, can easily access user personal information.

Limei Advertising CEO Shuyi responded that direct access to user accounts and passwords is software applications. As an advertising platform is not directly contact, you can see the user behavior habits, not access to direct user information.

Android Open source brings information use risk

CCTV focused on the issue of Android phone software. Android's open source feature allows applications to decide how to boot up and get the device information, and many of the user names and passwords used are stored in plaintext.

A mobile internet investor who declined to be named said that because of the openness of Google's Android system, it would inevitably pose a wide range of problems because of openness. Apple's iOS system or other mobile OS also collects user information via mobile software.

The investor believes that it is not illegal to collect user information, but to consider the purpose of collecting information, rather than beat, and withholding information on the leaking hat.

"If it is through the collection of user information is to improve the software by tracking user behavior, to bring more convenience to users." This is reasonable. It is illegal to use collected user information for profit or resale. ”

In another dimension, the parsing of information is a standard to consider whether or not to constitute a user's information disclosure.

"Technically, if you are doing behavioral analysis on a large scale of user information, this does not touch a single user's information disclosure." "The investor said.

Industry self-discipline helps ecological chain develop healthily

The CCTV exposure of Android mobile phone software to collect user information caused by information disclosure, the Android mobile phone application industry chain mentioned a wake up.

In this industry chain, due to the characteristics of open source, free application for profit will push to send large quantities of advertising notification messages. Social software username and password, SMS content, communication record, personal location and behavior are also easy to collect and use.

Before the CCTV exposure, the NPC representative, Guangdong Mobile general manager CPPCC has warned users to be wary of mobile phones into "grenades." He suggested that the government-led, integration of all sectors of the community, mobile phone applications and mobile application software to strengthen the management, the establishment of a green, safe, honest industrial environment, to ensure that users of mobile information security.

"Overall, CCTV exposure is a good thing. The vast majority of software companies that collect user information and disclose their privacy are mostly irregular software firms, and large companies that operate on a larger scale are afraid to do so. Through exposure can correct some improper practices, the development of the industrial chain is a good thing. "Shuyi said.

The direct benefit is the handset security manufacturer. such as Jinshan and other security vendors in 315 evening exposure mobile phone software to steal the privacy of users, then said, "Jinshan mobile phone poison tyrants the first time to completely intercept." Jinshan Mobile phone Poison PA has the intelligent Privacy Rights management, can guarantee the user privacy not to divulge. ”

Tencent Mobile Security Laboratory experts suggest that mobile phone users to start mobile phone security software "privacy monitoring" rights management function, can protect the privacy of mobile phones.

For the future development of the eco-chain, Shuyi that the most important thing is the industry self-discipline. For developers, it is important to pay more attention to the compliance problem of information use.

"Legitimate use of information, do not violate user privacy, is a developer to comply with the principle, but does not mean not to call any information, otherwise mobile applications will not be able to run." The head of the public comment said.

Shuyi that to achieve industry self-discipline, for mobile advertising platform, the most important thing is to do a good job, one is good advertising content as far as possible not to cause users disgust, the second is to avoid the problem of malicious push ads.

After the CCTV exposure, many users said that Android phone information leakage is too terrible, will consider switching to other systems of mobile phones.

Will application promotion be affected?

"A short period of time will be offensive to mobile phone use and mobile advertising, but this trend is unstoppable." Advertising is everywhere, and mobile advertising is also a big trend. "Shuyi said.

For the user, the use of smartphones is no more than the previous function machine, self-protection awareness is more important. There are security expert tips, users should pay attention to all types of mobile phone application access to sensitive rights, timely rejection or to the problem should be used as a delete processing.