On Sept. 3, in view of the exposure of "ZAO" App user privacy agreement is not standardized, there are data disclosure risk and other network data security issues, the Ministry of Industry and Information Technology Network Security Management Bureau of Beijing Momo Technology Co., Ltd. related to the inquiry and interview.

It sounds shocking, but ZAO is by no means the first App to collect personal information. In recent years, the collection of personal privacy by mobile App has become more and more serious. Although it has been exposed several times, the attitude of relevant enterprises is ambiguous. ZAO's accidental popularity once again exposes the shortcomings and difficulties of personal information protection of our citizens. Before the relevant legislation is enacted, the public must be careful to avoid the personal privacy trap before using mobile App.

The trend of excessive collection of personal information is widespread

Consumption records are analyzed by shopping App, travel accommodation is mastered by travel App, and driving routes are well known to navigation App. In front of big data on the Internet, ordinary users are almost "naked", and once these data are leaked, the consequences are unthinkable. To make matters worse, some mobile phone App has been excessive from the beginning of information collection.

On August 29, 2018, the Consumer Association of China released the "App Personal Information Leakage Survey Report" that mobile apps need to obtain a wide range of rights, and over-collection of personal information is a common trend.

On November 28, 2018, the 100 App personal Information Collection and Privacy Policy Evaluation report was released by the China Consumer Association after a comprehensive evaluation of 10 types of App. According to the report, more than 90% of the permissions listed in the 100 App are suspected of crossing the line, that is, excessive collection of user personal information.

Ten App categories were tested for communications, social, audio, online shopping, transaction payments, travel navigation, financial management, travel accommodation, news reading, email.Cloud diskAnd photography beautification, basically including the public daily use of App all types. "location information", "address book information" and "mobile phone number" are the most common contents for excessive collection or use of personal information. In addition, users' personal photos, personal property information, biometric information, work information, transaction account information, transaction records, Internet browsing records and so on, are overused or collected.

At the beginning of this year, the Central Network Information Office, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the General Administration of Market Supervision issued the announcement on the Special Governance of illegal and illegal Collection and use of personal Information in App. The China Consumer Association, the China Internet Association and other departments jointly set up a App special governance working group to evaluate the privacy policy and the collection and use of personal information of App, which has a large number of users and is closely related to the lives of the people.

However, under the fierce offensive of special governance, the problem of excessive collection of personal information by App has not been curbed.

This year, CCTV's 3.15 party introduced the case of personal privacy information leaked through mobile phone App. The host used a App called "Social Security handheld" to query personal social security information. By grasping and analyzing the data packets, the network security experts found that the user's information had been sent to a big data company at the time of inquiry.The server.

On July 16, the above-mentioned App Task Force on Governance issued a circular saying that 40 Apps had problems in personal information collection and had not disclosed effective contact information. The working group urged the operators of the 40 Apps to complete the rectification within 30 days and submit a report to the working group. The announcement shows that the Wi-Fi Universal Key, Tonghua Shun, ink weather, settlers, encyclopedias, starting reading and other common Apps are all on the list that need to be rectified.

The way of collecting personal privacy is becoming more and more covert.

In 2018, a new brand of mobile phone was equipped with a lift front camera, which will automatically rise from the phone when it needs to be called. However, some users find that when using App that does not need to call the front camera, such as some browsers, the camera still rises automatically, which means that the privacy of the user may be compromised.

As a result, many netizens said that there will not be only one front-facing camera that exposes personal privacy. In fact, mobile phone microphones, GPS positioning, fingerprint collector, Internet data, voice calls and so on may be recording user data, while some App collects the data.

In March, there were media reports that some Apps were suspected of "eavesdropping" user information. Subsequently, explanatory responses were given by these operators. But in fact, Apple's way of collecting personal privacy is not limited to "peeping" or "eavesdropping".

It is understood that, in general, the installation and use of App can only seek the consent of the user for some of the necessary permissions. Among Android phones, the following permissions are most often fetched, one is to "read the list of installed applications", so that you can understand and analyze the user's usage habits; the other is to "read the native identification number", which is mainly used to determine the identity of the user; the third is to "read location information", which must be accessed by obtaining the location and collecting the user's range of activities, such as navigation software.

However, in real life, many App claims are common, such as video software requires reading motion data, information App requires camera and microphone recording permissions, and so on. "in order to provide you with better service, we request to obtain these permissions." It becomes a universal skill to obtain the relevant authority.

The use of mobile phone App is abused, and the content of privacy provisions is not up to standard, which may lead to the disclosure of users' privacy, which may lead to illegal trading of personal information, telecom network fraud and other Internet security incidents.

Strengthen Privilege Management to Prevent Privacy Leakage

Generally speaking, to solve the problem of excessive collection of personal information by mobile phone App, lawmakers and law enforcers need to work together to find solutions in line with the law of Internet development, as well as App development managers to standardize their behavior, express privacy provisions, and app stores should conscientiously fulfill their platform audit responsibilities.

The 2012 decision of the standing Committee of the National people's Congress on strengthening the Protection of Network Information states that "the State protects electronic information that can identify the personal identity of citizens and involve the privacy of citizens". "Network service providers and other enterprises, institutions and their staff must strictly keep their personal electronic information collected in their business activities confidential and shall not divulge, tamper with or destroy it. It shall not be sold or illegally provided to others.

Network security law stipulates that network operators shall not collect and use personal information in violation of the provisions of laws and administrative regulations and the agreement between the two parties, and shall process the personal information they keep in accordance with the provisions of laws and administrative regulations and the agreement with users.

At present, criminal law, general provisions of civil law, consumer rights and interests protection law, network security law, e-commerce law and so on, all involve personal information protection. However, although there are relevant legal provisions, the collection of personal information of citizens by Internet enterprises has not been regulated. Strengthening the protection of personal privacy and special legislation on personal information protection have become a common call in recent years. During this year's two sessions, officials announced that the standing Committee of the National people's Congress has included the formulation of personal information protection law in the current legislative plan, and relevant departments are working hard to study and draft it with a view to introducing it as soon as possible.

However, at this stage, what ordinary mobile phone users can do is to be as vigilant as possible to prevent privacy disclosure. Industry insiders remind users to choose well-known App stores to download applications as far as possible; when installing and using mobile phone App, pay attention to reading application permissions and user agreements or privacy policies to see if there are privacy "pitfalls" in them. After download, App is managed. In general, turning off most of the permissions of App "tariff related" and "privacy related" does not affect the normal use of App (except for some App functions that need to be "located").

Some mobile phones have permission recommendation function, according to the functional properties of App, recommend users to turn on or off permissions. Android users can use "permissions management" in mobile phone settings, IOS users can see through "privacy" what permissions they download App software, which permissions are turned on, unrelated, involving privacy manual shutdown. Regular screening is recommended to turn off all authorizations that do not affect normal use to avoid "rogue software" collecting personal information without knowing what is going on.

It is worth noting that when using mobile App, you should not log on to unknown WiFi at will and brush two-dimensional code at will. In addition, even if you don't intend to turn off some of App's privileges, don't worry, such as prompting you that you can't have video chat, etc. Open the relevant privileges when you use them.