China-Singapore Jingwei Client, March 27th (Chang Tao): Because of illegal collection of personal information, an app from the company where Zhang Ying (pseudonym) works was publicly notified by the Ministry of Industry and Information Technology on March 12th.

Zhang Ying said that the App, which collected information without user authorization, could still be listed in app stores as normal, and its download volume was not bad. Its total number of installations across major application stores exceeds 500 million.

Currently, collecting users' personal information in violation of regulations is the most common way in which apps infringe on users' rights and interests.

A reporter from China-Singapore Jingwei found that since 2021, a total of 319 apps have been notified by the Ministry of Industry and Information Technology for infringing users' rights and interests. Among them, the collection and use of personal information in violation of regulations is the "hardest hit area".

So why are apps that may infringe users' rights not caught at the app store stage?

When users' privacy is infringed after they download apps from OPPO, Xiaomi and other app stores, should these app stores be held responsible?


This year, 319 apps were notified; "eavesdropping" and similar behaviors become a focus of rectification

The Ministry of Industry and Information Technology's special rectification campaign against Apps that infringe user rights and interests began at the end of October 2019.

In December of the same year, the Ministry of Industry and Information Technology announced the first batch of 41 apps that infringed on user rights, including well-known apps such as QQ, Sina Sports, and Xiaomi Finance.

Initially, the Ministry of Industry and Information Technology focused on rectifying App problems including collecting personal information without permission, sharing it with third parties without permission, making account cancellation difficult, and refusing to let users use the app unless permissions are granted.

  Since 2021, the Ministry of Industry and Information Technology has notified three batches of apps that infringe on user rights and interests, with a total of 319 apps, including the first batch of 157, the second batch of 26, and the third batch of 136 apps.

In the third batch of 136 apps that infringe on user rights and interests announced on March 12, there are many products from well-known Internet companies such as Tencent Mobile Manager, iFLYTEK Dubbing, Ctrip Car Rental, and Cheetah Cleanup Master.

A reporter from China-Singapore Jingwei noted that the issues involved in apps notified in 2021 include frequent self-launching and associated launching of apps, excessive collection of personal information, illegal use and collection of personal information, and compulsory, frequent, and excessive requests for permissions by apps. The issues have shifted from those the special rectification work initially focused on.


In early March 2021, the Minister of Industry and Information Technology Xiao Yaqing stated bluntly that, in response to issues such as "microphone permission abuse" and "excessive solicitation of address books", about which the public has complained strongly, special rectification would be carried out on apps, and apps that violate user rights and refuse to accept rectification would be resolutely removed from app stores.

According to media reports in February, the Ministry of Industry and Information Technology is drafting the "Interim Provisions on the Management of Personal Information Protection for Mobile Internet Applications", which establishes informed consent and minimum necessity as the two basic principles of personal information protection, setting a bottom line and drawing a red line for personal information protection in apps.

At the same time, it will be problem-oriented and focus on solving hot issues about which users currently complain strongly, such as "microphone permission abuse", "read and write albums without the user's consent," "excessive solicitation of the address book", and "hide the push-to-close option".

This means that in the future, App "eavesdropping" and a series of other behaviors that infringe on user privacy, such as Apps' illegal access to microphones, address books, and photo albums, will be a focus of rectification.

Some apps may use this technique to pry into your privacy

Regarding the infringements of users' rights and interests named in the App notifications, especially the illegal collection of personal information and the mandatory requests for permissions, some netizens asked: Why can these Apps be successfully listed in the app store?

Doesn't the app store review them?

It is worth noting that in its previous notifications, the Ministry of Industry and Information Technology has indicated the source of each app that infringes on users' rights and interests.

For example, in the report on March 12, apps from the Tencent App Store, such as Moe Dragon Fighting and Receiving Money, were on the list for illegal collection of personal information; apps from the OPPO App Store, such as P Picture Great God and Calling Wannengbao, were on the list for illegal collection and use of personal information; apps from the Xiaomi App Store, such as Yuepaoquan and Idol, were on the list for collecting personal information in violation of regulations.

In the first batch of notifications in 2021, the Ministry of Industry and Information Technology stated that in the ten batches of inspections it had organized, Tencent App Store, Xiaomi App Store, Pea Pod, OPPO App Store, and Huawei App Market accounted for 22.3%, 12.0%, 10.3%, 9.9%, and 8.8% of the problems found, respectively, and that these platforms had not fulfilled their primary management responsibility.

  In fact, all major mobile application stores have their own review standards.

For example, the privacy policy section of the "Huawei App Market Review Guide" states that apps that access, collect, use, or disclose any personal data must obtain the user's consent or comply with other applicable laws and regulations; apps must comply with the principle of data minimization when collecting and using personal data; and the permissions that apps request and use must comply with the principle of permission minimization, etc.

But in practice, app stores may not be able to enforce their review standards.

An unnamed security engineer of a major Internet company revealed to a reporter from China-Singapore Jingwei that current app store review is indeed relatively rough. The main reason is that the relevant privacy standards keep changing, leaving app markets uncertain, so they "turn a blind eye and put it on the shelf."

  The aforementioned security engineer revealed that developers can also use certain technical operations to make the App bypass the app market's review.

"When some apps are submitted to the app market, the privacy switch is turned off, but it is automatically turned on after the user downloads the app to the mobile phone. But this is a minority of cases."

  Another program developer who did not want to be named told the Zhongxin Jingwei reporter that technically, the app store can examine which permissions an app can obtain from users.

Under normal circumstances, apps on the app store cannot obtain the user's communication, location, and microphone permissions without authorization. These permissions must be obtained with the user's consent, but this does not rule out apps forcing users to grant them, that is, the app cannot be used unless the permission is granted, or using a pretext to trick users into granting them. App stores cannot review these behaviors.

Does the app store need to take responsibility?

A reporter from China-Singapore Jingwei noted that as early as June 2016, the State Internet Information Office issued the "Regulations on the Management of Mobile Internet Application Information Services." When answering reporters' questions about these provisions, the relevant person in charge of the State Internet Information Office pointed out that "Internet application store service providers shall fulfill 'four management responsibilities' toward application providers".

One of the responsibilities is to "supervise application providers to protect user information, provide complete instructions for the application to obtain and use user information, and present it to users."

Hu Gang, deputy secretary general of the Rule of Law Committee of the Internet Society of China, said in an interview with the Sino-Singapore Jingwei client that the newly issued "Regulations on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications" will be implemented on May 1, clarifying the scope of necessary personal information for 39 common types of apps, for 13 of which the basic functional services can be used without personal information.

  In general, this new regulation is more precise, more powerful and more durable, and it also places higher demands on App developers.

"Apps should actively and fully inform the app store of which permissions they want to obtain, and third-party agencies should also be asked to test the Apps' information and permission acquisition functions. These details should be displayed in the app store, and the app store should be a gatekeeper," Hu Gang said. "The app store participates in the distribution and sale of the app, and it forms a community of interests with the developer. App stores cannot stay aloof when there is a problem with an app. They are jointly responsible parties and should bear joint and several liability."

  Hu Gang said that the current penalties for apps that infringe on user rights and have not been rectified are only at the delisting level, and it is necessary to increase penalties in the future.

"When illegal or excessive acquisition or use of personal information reaches a certain amount, whether to stop the app's operation and pursue criminal responsibility should be actively explored." (Zhongxin Jingwei APP)