Home > News content

Baidu reiterated the inability to monitor the user without the need for him to get used to doing what

via:雷锋网     time:2018/1/9 15:34:10     readed:291

At the same time, Baidu's summary response said:

  • Whether Apple or Android, it is impossible to provide software developers with the ability to monitor the user's call interface or permissions.

  • Baidu's App has neither the ability nor the so-called "monitor call."

  • Baidu application access to any user rights, will be within the reasonable use of the Android system, the pop-up window prompts the user to agree to authorization to obtain the appropriate service.

Why single batch Baidu?

The time span of this dispute is long, but summed up is very simple -

  • In July 2017, Jiangsu Consumer Protection Commission conducted a survey on 27 mobile phone APPs with more subscribers on the market and found that there was a widespread problem of infringing the security of personal information of subscribers.

  • On December 11, 2017, Jiangsu Consumer Protection Committee filed a civil consumer litigation on the suspected acquisition of consumer personal information by Beijing Baidu Reuters Technology Co., Ltd. and related issues.

  • January 2, 2018, Nanjing Intermediate People's Court has formally filed.

Why interview 27 mobile phone APP, single Baidu carry out admonition?

In July last year, Jiangsu Consumer Protection Commission, in conjunction with the case of infringing on the personal information of consumers in the mobile phone application market, conducted surveys and interviews with 27 APP-owned enterprises with more users and some industry representatives including 12306, Arts, where to travel,TencentVideo, dragonfly FM, Baidu browser, mobile phone Baidu.

Soon afterwards, Jiangsu Consumer Protection Commission said most of the enterprises submitted substantive rectification plans on time, from removing unnecessary sensitive authority, increasing consumer prompt box, providing consumers' authority selection interface and perfecting information protection for non-registered users The APP has been optimized, of which 18 APP basic rectification in place.

For Baidu, Jiangsu Provincial Consumer Protection Commission to use "refuse to rectify" to describe its attitude and immediately requested the court ruled in accordance with the law Beijing Baidu Network Technology Co., Ltd. to stop its related infringement.

In response to this question, Baidu responded to Lei Feng Net that in the past few months, Baidu and Jiangsu Consumer Protection Commission have conducted many rounds of communication on the privacy protection and user rights management mechanism of mobile APP, The Consumer Protection Commission has repeatedly explained and clarified the questions. Baidu said: "We will continue to actively communicate with the Consumer Protection Committee of Jiangsu Province, together with the Consumer Protection Commission for personal information security has been more extensive attention in the Internet and other industries have been more fully protected."

Baidu access to these rights what is the use?

The general reaction of users is that if you are not suspected of invasion of privacy, Baidu, and other related operations APP, why access to user contacts, SMS and other information?

Tian Biao, a senior manager of mobile phone Baidu, made a corresponding explanation to Lei Feng Network. As for the access authority of mobile phone Baidu (left of the above figure):

  • Storage: mainly used to download some pictures and offline fiction and video will be used

  • Read contacts: authorization in social and mobile recharge scenarios

  • Camera: camera search, scan the code to use

  • Microphone: for voice search

  • SMS permissions: in the user-friendly login and registration process to automatically read messages, to provide users with convenient services

In addition, Baidu browser core permissions and phone Baidu almost (on the right), but to increase the reading calendar and set the calendar to remind service, user-friendly. And, if the user still has doubts about the permissions they have, they can go back to the Privacy section for review and change.

Baidu has "monitor phone" this feature?

For the core of the controversy, "Listen to the Telephone", Tian Biao told Lei Feng Network (Public Number: Lei Feng) that when Google designed the Android system, it would not open or design the "telephone Monitor "this API interface, and Baidu App sensitive permissions require user authorization, the user can freely turn off. At the same time, Tian Biao explained, "Phone permissions is a big privilege, including cell phone identification code, direct call, call records, but can not do to monitor the phone.Mobile phone Baidu access to its permissions, mainly for reading the phone status READ_PHONE_STATE) to see how much battery power is left on your phone. "

Li Tiejun, a cheetah mobile security expert, said few people really did it because it was too easy to spot. "This kind of data monitoring, and then upload the behavior is very easy to find.This process requires the APP has a call recording action, APP code will be able to identify.If this happens, the phone-side security software can be found, any one program will reverse Analysts can find out. "

In addition, Baidu specifically pointed out that Baidu mobile browser and cell phone security guards have a harassing phone interception function, but Xiaomi mobile phone to translate this function into a "monitoring phone", to a certain extent, caused everyone's misunderstanding.

How to prevent industrial chain problems

Baidu simply explained the process of operation of the black industry: first, criminals use operator loopholes to illegally obtain the user's mobile phone number; and then develop visitor phone number record tools; Finally, the tools and user phone numbers and other information for Resale.

In other words, because these pages have long been purchased black malicious code, and implanted in the site, when your phone is in the 4G network, just enter the page, even if there is no input phone number or log in, can also be stolen information. These bad websites then hire customer service and sell to consumers.

Baidu said many Internet users do not usually remember the site domain name, most people will choose to search the search engine keyword to enter the site, when you receive a lawsuit call, you will naturally think of the site entrance - Baidu. Baidu said it was wrong, "This is the problem of the entire industrial chain, but the pot by Baidu alone to carry."

Hand pointing to the mobile security expert Liu Su Lei Feng received an interview earlier said that the market common mobile phone, whether it is Andrews machine or Mac, access to the microphone permissions APP will have a clear list, this application is not unusual . In the case of the phone is root, theft may occur microphone behavior, but this is only a minority, most cell phones have not been jailbroken. Another situation is that there are system-level vulnerabilities in the mobile terminal environment. If it is exploited to eavesdrop a Trojan or a virus, it is completely possible, but this does not apply to most mobile phones.

In view of this, Baidu is subjectively unwilling to eavesdrop on user information, but when a user's mobile phone is maliciously attacked and the platform encounters force majeure, the privacy and security of consumers still can not be guaranteed.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments