315 Follow-up | The Ministry of Industry and Information Technology investigates and deals with the illegal collection of users' personal information by cracked apps exposed at the "3 15

According to the official news of Gongxin Weibo, the Ministry of Industry and Information Technology attaches great importance to protecting users' rights and interests. It continues to carry out special rectification actions against mobile Internet applications (apps) that infringe on users' rights and interests, and keeps improving the app service environment. In response to the illegal collection of users' personal information by some cracked apps reported at the "March 15" party, the Ministry immediately organized verification and severely investigated and dealt with the matter under the Personal Information Protection Law, the Regulations on the Protection of Personal Information of Telecommunications and Internet Users, and other relevant laws and regulations.

First, it organized app distribution platforms, e-commerce platforms and search platforms to quickly investigate the exposed cracked apps, such as "bilibili Cracked Edition 2021", "Baidu Netdisk Cracked Edition" and "Cool Dog Cracked Edition". Up to now, a total of 436 illegal download links from informal channels have been handled. Second, it organized the relevant communication administrations to investigate the related leads and deal with the responsible parties according to law. Third, extending from these cases to similar ones, it organized professional testing institutions to carry out special testing of apps and software development kits (SDKs), to resolutely investigate and deal with the problems found, and to inform the public in a timely manner.

As a next step, the Ministry of Industry and Information Technology will continue to take effective measures to build a stronger line of defense and strengthen the protection of the personal information of telecommunications and Internet users. First, it will supervise the relevant Internet platform enterprises in fulfilling their primary responsibility, intensifying inspection and investigation, and discovering and cleaning up illegal apps in a timely manner. Second, it will strengthen technical testing, supervision and inspection of apps and SDKs, increase the handling and public exposure of problems, and maintain a high-pressure deterrent against violations of laws and regulations. Third, it will deepen governance of the upstream and downstream chain of application services such as apps and SDKs, strengthen management and standardization, and create a good service environment. Fourth, it will cooperate with relevant departments to intensify the crackdown on illegal acts such as the infringement and piracy involved in cracked apps, guide users to download apps from formal channels, and safeguard the legitimate rights and interests of users.

Last night, the 315 party reported that many consumers, drawn by the low cost, use these cracked apps for free, which is like installing "monitoring" on their mobile phones and burying "mines", and is extremely risky. In a cracked version of a video app, testers found three additional third-party plug-ins, namely SDK packages, that have nothing to do with the official version. Whenever the app runs, these three extra SDK packages can quietly steal personal information from the user's mobile phone: from the network hardware address to the identification number of the mobile phone device, to the identification number of the phone card, and even the identification number of the mobile phone operating system. All of the user's key identifying information is swept up.

With just 2-3 of these kinds of information, even if the user changes mobile phone or phone number, the user can be accurately identified, tracked in real time, and profiled in detail, so that a large number of advertisements can be pushed and the traffic monetized. What's more, a cracked music app can also monitor the user's call status.

He Yanzhe, deputy director of the evaluation laboratory of Netan Center of China Institute of Electronic Technology Standardization, said that the test results show that the app will send the user's call status and the user's identifiers, including the user's accurate portrait, even overseas, which may become an important data source for overseas telecom fraud groups to conduct accurate fraud. Once these data flow into the black market, they may be used repeatedly.