After the mobile phone number is cancelled, the Weibo and game accounts are still logged in! How to cancel the mobile phone number more safely

Many people cancel their mobile phone numbers that they no longer use, which seems to be a normal behavior that can lead to a series of consequences if not handled properly.

Recently, "canceling a mobile phone number is equivalent to selling yourself" has been pushed to the hot search, which has aroused widespread attention. At the moment of the online real-name system, mobile phone numbers are many App authentication login passes, and the recycling and reuse of these numbers by operators will bring a lot of trouble to new and old users, and some even bring privacy leakage or property loss, and more people often receive some inexplicable "spam information".

After the user cancels the mobile phone number, it is recycled by the operator, and the number will be put into the number pool to release the number to the new user, which is called "secondary number" within the operator. Although there is a freezing period of more than 90 days before the "second release", some loopholes in the "second release" still make many people deeply troubled.

The trouble caused by the "second release".

Li Ming (pseudonym) moved from Shanghai to Guangzhou a year ago, and in order to facilitate communication, he applied for a local mobile phone number in Guangzhou. After his new number was activated, he successively received information from the owner of the original mobile phone number to collect arrears one after another, which made him feel a little nervous. Li Ming said that these numbers are not commonly used now.

It's not just spam information, Li Ming tried to use this number to log in to Weibo and other social accounts, and he could see what the former owner followed on social media.

Similar to Li Ming's situation, the mobile phone numbers of Ni'er (pseudonym) and his wife are both "secondary number" numbers.

"My husband's mobile phone number can be logged in to the former owner's Weibo, and my mobile phone number can often receive information from the former mobile phone owner about what plane he took, when he landed, how much money was deducted, etc., even if I unsubscribed, I will always receive it. Nier said that the mobile phones of the two are not an operator, but they have been recruited for the "second release".

Ms. Yue's situation is more complicated, she used her ID card to apply for a mobile phone supplementary card for her father, and her son successfully registered a game account and spent 600 yuan while playing with his grandfather's mobile phone. Since the child was underage, this seemed strange to her.

Ms. Yue said that after she explained to the game company that the child was a minor and could not have an account, the local game company in Shanghai informed her that the mobile phone number matched the game account of the previous mobile phone number owner. She found multiple platforms to complain, but so far she has not asked for the consumption back.

From the above cases, it can be seen that the "second release" has indeed brought a lot of troubles to new users.

A few days ago, the "canceling a mobile phone number is equivalent to selling yourself", which caused heated discussions before, mainly refers to the former user casually discarding or canceling the mobile phone number, which may lead to privacy leakage risks or property losses.

Judging from the feedback of new users of "secondary number release", it is easy to log in to the social account of the former user through the mobile phone number. If the former user has set up passwordless payment in the payment process, it may cause certain economic losses.

The correct posture for "Cancel Mobile Number".

Since there are many risks associated with "canceling a mobile phone number", what steps need to be taken before and after canceling a mobile phone number to ensure that the mobile phone number is safely deleted?

The suggestion of the customer service of the telecom operator is that the user needs to unbind the App before canceling the mobile phone number, and the operator has no right to help the user unbind. At the same time, if the user finds that the App account has not been unbound after canceling the mobile phone number, the operator can also assist in unbinding.

Due to the large number of apps, many users themselves can't remember how many apps they have registered. Previously, the Ministry of Industry and Information Technology officially launched the "One Card Check 2.0" service - the national Internet account "One Card Check Search", which allows users to query the number of Internet accounts associated with their mobile phone numbers and the last six digits of their ID numbers.

The Paper reporter also tried the "one-card check" service, and the query results were sent to the mobile phone by text message a few minutes after submitting the application.

However, it should be pointed out that at present, only more than a dozen head apps are connected to the "One Card Check 2.0" service, and the account information of many other apps cannot be queried.

Fu Liang, an independent telecom analyst, also pointed out that at present, the "one-certificate check" only supports 16 head applications. In terms of usage, these 16 top apps can account for more than 95% of all app usage, but these apps account for a very low proportion of the total number of apps. In addition, many users rarely log in after registering certain apps, making it difficult to count apps bound to personal numbers.

Fu Liang further pointed out that in other companies' apps, the verification code is not issued by the telecom operator, the operator only provides an SMS channel, and the telecom operator does not know how many websites the user has registered with the "mobile phone number + verification code", and which websites they are. What's worse is that not all apps support the cancellation of registered users, and the relevant departments have clear regulations, and the head companies also implement them well, but for a large number of "long-tail" applications, it is not necessarily.

Therefore, the matter of unbinding the App is mainly solved by the user himself, and other parties have certain technical means, but they cannot solve all problems.

What can major app manufacturers do?

Mobile phone number + SMS verification is a method accepted by all major App logins, so do App manufacturers have relevant measures to restrict the user's account before the "secondary number" user logs in?

The surging news reporter also asked Weibo customer service about the identification of "secondary number" users. The relevant customer service staff said that if there is such a situation (the second number login account), it is still the priority to change the mobile phone number. According to the customer service, there are two ways to bind a mobile phone number to Weibo, one is a simple binding, and you can log in with your mobile phone number. The other is to bind a mobile phone number for verification, for example, a verification program used to change passwords, but there is no way to directly log in to the account with a mobile phone number. In the second case, even if the second owner uses the previous owner's mobile phone number, the account cannot be logged in.

In addition, according to the surging reporter, if the user's Weibo account has not been used for a long time, the system will consider the account to have security risks and automatically set the protection status. When you log in to your account, a message may appear on the page that says "The account has not been used for a long time and is under protection". The user is required to enter the account password on the login page, and then activate the account or re-register a new account according to the prompts on the page.

However, at present, the specific time of "long-term unused" is unknown, but it should exceed the freezing period of 90 days of "secondary release", otherwise there will be no multiple "secondary release" users who can log in to the Weibo account of the former owner.

Some apps can automatically identify whether it is a "secondary number" mobile phone number login. When the surging news reporter tried to log in to the Baidu App with a mobile phone number + verification code, the page prompted "The mobile phone number detected is the operator's secondary sales mobile phone number, and the mobile phone number that may not belong to you is bound", and provides an entrance to unbind. If the user insists on continuing to log in to the account, the page will require the user to perform a second verification, such as email verification, account password login, and complete the complete information of the user name to verify the identity.

If social networks are mainly involved in privacy issues, apps with payment functions may cause property losses to users on the issue of "secondary number release". Of course, such as JD.com, Taobao, and WeChat, they all need to enter the payment password again in the fund payment stage, unless the small amount of password-free payment is required, and the password confirmation is also required for large-value transactions.

Taobao is also one of the most frequently used apps. Taobao replied that the first situation is that the mobile phone number that passes through the operator's interface will be marked, and when the user logs in, the user will be guided to re-register. In the second case, if there is no operator interface, there will be a small probability of mistakenly logging in to other people's accounts due to the second release, and the platform will also actively push the binding mobile phone to the previous Taobao account user, and it is recommended to change the security reminder that the binding phone has become invalid.

People familiar with WeChat told The Paper reporter that the "second release" of the mobile phone number will not simply lead to the WeChat account being logged in by strangers. When WeChat logs in on an unfamiliar device, you need to conduct a second verification, the first verification method is "use the original device to scan the code", and the second verification method is "ask a friend to help verify". Therefore, if the operator releases the number for the second time, the new user cannot directly log in to the WeChat account registered by the old user through the SMS verification code.

People familiar with QQ said that if QQ logs in on an unfamiliar device, it will trigger two-factor authentication, and only by continuing to verify QQ password or other information can you successfully log in. Therefore, the operator's second release will not cause QQ to be logged in by new users. Tencent also said that other Tencent projects, including games, are all logged in through WeChat or QQ, and it is impossible to log in with a mobile phone number.

On April 22, miHoYo told The Paper that for the risk of "secondary release" of mobile phone numbers, miHoYo suggested that players should change their mobile phone numbers in time after the mobile phone number is cancelled, "If you don't change your mobile phone number, there may indeed be certain account security risks." ”

How can the "second number" be further improved?

It is understood that due to the limited number resources of operators, it is a common practice for operators around the world to recycle numbers for reuse.

Due to China's large population, number resources are more tight, and the three major operators have been recovering mobile phone numbers for "secondary release".

According to the provisions of the "Telecommunications Regulations" and the "Telecommunications Service Specifications", if the user fails to pay the fee within 30 days of arrears, the telecommunications service provider may suspend the relevant service, that is, "shutdown"; if the user fails to pay the fee within 60 days after the shutdown, the service can be terminated, that is, the number is cancelled; and the time from the cancellation of the number to the reactivation (secondary release) is at least 90 days, which is called the "freezing time limit", after which the number can be released again. It can be seen that the "secondary release" complies with relevant laws and regulations.

However, when the user goes to the operator to purchase a mobile phone number, the operator staff will not tell whether it is a "secondary number" number. In fact, it is difficult to tell whether the card number is "secondary number".

You Yunting, a senior partner at Shanghai Dabang Law Firm, said in an interview with The Paper: "This is actually a loophole in the system design. ”

You Yunting said that there are many places that require a real name now, and if you have a mobile phone number, you will default to being a real-name user, which leads to one of the root causes of many problems in the "second release". In addition, there is no one-click unbinding channel at present, and the system does not add this function in the early stage, and there will be more problems if you add it in the later stage.

In fact, to solve this problem, the responsibility of the operator cannot be escaped, and the relevant departments also need to grasp this problem, why sending a mobile phone verification code is a real name? In addition, the Ministry of Industry and Information Technology should have a specification for canceling mobile phone numbers. In this way, if the mobile phone number changes hands, the related services should be automatically stopped. You Yunting believes that if possible, suspend the "second number", although the operator has lost some number resources, but it is a kind of protection for users.

Fu Liang has three suggestions for the management department: first, fully realize the strength of the security level, "ID number, name, live" is higher than "ID number + name + mobile phone verification code", higher than "mobile phone number + verification code", the former is more secure, can "endorse" the latter, and the latter cannot endorse the former. "Mobile phone number + verification code" can be used for real-name login, but cannot be used for security verification in the payment process. Second, strengthen the abnormal judgment of the app. The quiet period after the cancellation of the mobile phone number is judged to be abnormal in the App. In the login verification of mainstream App software, it is mandatory to increase the login exception judgment. When an abnormality is determined, enhanced security verification that is more secure than "mobile phone number + verification code" should be used. Third, reduce the scope of the online real-name system, and avoid the real-name information of users by teams without management capabilities as much as possible.