Source: China Consumer Daily
Figure 1: The "WiFi Master Key" APP on the iOS side, the background data refresh is turned on by default and cannot be turned off.
Figure 2: Most of the evaluations of the "WiFi Master Key" APP on the Android side are relatively low. Profile picture
App leakage of personal information is repeatedly prohibited, platform software bundling is difficult to control, children's electronic device safety is difficult to ensure... During March 15 this year, many problems in the field of information and communication were exposed. Subsequently, the Ministry of Industry and Information Technology strictly investigated and dealt with problems such as tricking users into downloading malicious apps in the name of free WiFi, forced bundling of downloads by application software platforms, harassing phone calls, and safety protection of children's watches. However, the reporter of China Consumer Daily found in the investigation that despite repeated heavy blows by the regulatory authorities, the above problems have been repeatedly prohibited.
There are still malicious free WiFi apps
The reporter learned from the Ministry of Industry and Information Technology that in response to the 3 malicious APP exposed during 3.15 to trick users into downloading WiFi cracking wizards, radar WiFi, Yuebao WiFi assistants and other 3 malicious APPS exposed during the 3.15 period, the Ministry of Industry and Information Technology removed the shelves for the first time, and organized the relevant provincial communications administrations to investigate and punish the 3 enterprises involved according to law.
The reporter searched the App Store of Android and Apple and found that there is indeed no trace of these 3 APPS now. But wildfire burned endlessly, and similar software could still be found in app stores for both operating systems, and user ratings were very low. Taking the iOS system as an example, the reporter searched the Apple App Store and could see many such apps. Judging from the user reviews, it was either a few years ago or the reviews were very poor. Some insiders pointed out that with the reduction of monthly traffic prices year by year and the popularity of indoor WiFi, the demand for rubbing the network has indeed been small.
In the comment area of a once-famous "WiFi Master Key" APP on the Apple Store, 12Aakk, a user who has been using the APP since 2013, commented: "The app makes the close button of the advertisement smaller and smaller, and it is easy to click into the link advertisement; there are more and more erotic titles; the interface has only been changed once in 2015, and the content is mostly repetitive; there is no advertisement when it is first used, and then there is an advertisement when clicking into the interface, and now the use process will automatically jump out of the advertisement." Less and less practical but more and more memory. Finally, the user concluded: "It has gone from being a utility to being unsightly. And gave a rating of 1 star (out of 5).
After downloading the APP, the reporter saw that the background data refresh of the APP is opened by default and cannot be closed, and there is indeed a large amount of unhealthy content on the video page.
After searching the app store of a variety of Android mobile phones, the reporter found that there are also many such applications, and most of the user evaluations are relatively poor.
In the short term, the app store is difficult to become a pure land
Industry analyst Jin Feng believes that there are still some "light gray areas" of supervision in app stores. For example, many small vendors' applications, if they are not launched through channels such as regulated app stores and hardware with network access licenses, will generally only be managed after infringing on user rights and interests.
Ma Jihua, a telecommunications and Internet analyst, told China Consumer Daily that no matter what method of obtaining personal information or violating laws and regulations, as long as it is profitable to do so, it is impossible to avoid it completely. Therefore, supervision is a long-term process, which includes the use of technical means to strengthen the functional detection and monitoring of various applications, and the application of applications with personal information collection functions, but also to assess the necessity, legality and legitimacy of their collection.
Ma Jihua believes that whether it is personal information leakage or APP-induced download, it is a deformed business model in the era of the Internet and mobile Internet. But regulation and governance also need costs, and more importantly, all aspects of the joint management, in the short term, it is unlikely that the app store will become a pure land. What can be done now is to minimize these violations, control their brutal growth, and provide consumers with a cleaner and safer cyber environment.
The reporter learned that the Ministry of Industry and Information Technology is organizing a third-party testing agency to conduct a comprehensive technical test of WiFi connection APP. The relevant person in charge said that it will continue to strengthen the protection of personal information of telecommunications and Internet users, carry out special governance against infringement of user rights and interests, strengthen technical testing and supervision and inspection, increase disposal and exposure, actively cooperate with relevant departments to severely crack down on illegal and criminal acts such as the network black and ash industry, and make every effort to create a safer and healthier information and communication consumption environment.
Dai Wei, the relevant person in charge of the Internet Society of China, told reporters in an interview with China Consumer Daily that the Internet Society is also cooperating with the regulatory authorities to carry out standardized governance and purify the network environment. Including practicing the "Clearwater Bay Initiative"; urging application stores to carry out self-inspection, cleaning up application software that tricked users into downloading malicious apps in the name of free WiFi, improving the shelf review mechanism to prevent similar application software from harming users' rights and interests again; urging software download platform enterprises to carry out self-inspection, timely rectification, and put an end to problems such as forced bundled downloads.
The harm of rubbing the network APP cannot be ignored
Those apps that claim to provide "free WiFi connection" functionally mean that they can crack and view WiFi passwords, one-click free WiFi connection, etc. The WiFi connection APP downloaded by the reporter requires permissions such as location information in addition to requiring user login information. For reasons of personal information security, the reporter did not log in and agree.
He Yanzhe, director of the review department of the Information Security Research Center of the China Electronics Technology Standardization Institute and an expert of the 3.15 Information Security Laboratory, told reporters that from the functional point of view, the malicious rubbing network APP has problems such as false functions, deceptive downloads, pop-up ads harassing users, a large number of user information collected in the background, and frequent self-start, which will bring serious hidden dangers to the user's personal information security and mobile phone use security.
He Yanzhe said, for example, the "WiFi cracking genie" APP, after opening, shows that there are many WiFi resources, but clicking on none of them can be connected. When the user clicks on the words "confirm" and "open" in the ad pop-up window, two similar apps will be automatically downloaded to the phone. Once installed, it is equivalent to a malicious APP with false functions, ads that cannot be turned off, and information theft in the mobile phone. In addition, the mobile phone will automatically pop up various advertisements from time to time, and it cannot be turned off without watching enough for 5 seconds. Even if the user closes the APP from the background, it can also wake up through the "self-start" mechanism, collect information without the user's knowledge, frequently pop up advertisements, and consume system resources.
He Yanzhe also said that some malicious network apps collect a large amount of user information, collecting location information more than 60,000 times in a day. That is to say, the APP is constantly positioned within 24 hours, theoretically, the user's life trajectory can be strung together, so as to grasp the user's life rules (such as commuting), consumption habits (such as shopping malls), health status (such as hospitals), occupational conditions (such as office space), home address and other sensitive information. Once such information is maliciously exploited, users may face the risk of excessive harassment, precision fraud, etc., and their rights and interests are seriously threatened.
"In short, these WiFi connection apps have a large number, and many rely on promotion through links in advertisements, and form an industrial chain by pushing each other's advertisements and associated downloads." He Yanzhe said, "Users have wasted a lot of time except watching a bunch of advertisements, personal information is constantly collected, and mobile phones are used to stutter nothing." ”
Liu Haoxin of the Cyber Security Center of the China Electronics Technology Standardization Institute made suggestions on this: report and uninstall the APP with similar behaviors such as false functions and ads cannot be turned off; choose the regular application store to download the APP, do not easily obtain a third-party APP from the advertising pop-up window; find that the mobile phone is stuck, you can view the APP with high-frequency access permission and consume too much traffic through the settings, such as the very useful can be uninstalled; through the settings in the mobile phone system, prohibit the self-start behavior of the problem APP, etc.