January 14th, according to the "multi App remotely delete user photos", the App governance team published a comment on its official account of WeChat public on "App personal information report" today. It said: in the face of the actual needs of users to upload photos and so on, permission has to be opened. After opening, how to use and when to use permissions? Because of this inherent "contradiction", app has the space to operate by itself, which always exists. Mobile operating system and app still need further innovation and development in the access mechanism to reduce the possibility and space of abuse.
It is understood that the app special governance working group is jointly established by the National Information Security Standardization Technical Committee, China Consumer Association, China Internet association, and China Cyberspace Security Association to specifically promote the evaluation of app's illegal collection and use of personal information.
The app governance working group said that not only the "storage" permission, but also any permission may be abused in theory. The reason why abuse does great harm is that once it happens, it will cause "fatal" harm to the user's sense of security. Even if a lot of subsequent compliance work is done, it is difficult to restore the user's "trust", and it is a "high-voltage line" that cannot be touched.
This incident reflects the unequal rights between app and users,After the app obtains the storage rights, it can not only perform the corresponding product functions, but also operate without the user's feeling, and even collect and delete user data illegally. It is very clear that if the app fails to let users know the operation behavior of user data, it may be deemed as failing to fulfill the express rules for the collection and use of personal information, collecting and using personal information without the user's consent or in violation of the agreement of both parties.
The event itself has provided a very valuable reference to prevent the risk of thinking, that is. If the relevant behavior is initiated by the user, the user will not doubt. If it is the app's private behavior, it will be exposed because of the exposure. And through the huge social supervision force, it can promote the behavior of app to be more "regular". Obviously, one of the most effective ways to prevent this risk is to promote the Android mobile phone operating system to be able to record and prompt sensitive behaviors such as app reading and writing to the public storage area.