Just when talking about privacy leakage, people always feel distant from themselves, but it has long been like a “landmine”, quietly buried in our lives, has not been exploded, the time has not yet come.
Don’t assume that you are just a little transparent in society and that your personal information is worthless.
In today’s society, the most valuable thing is information, and everyone could be the next target to be dispossessed.
Remember, the Internet will never be free.
Input methods have long been the target of criticism
In recent years, news of user data leaks by input software has been frequently exposed, affecting as many as 31 million users.
Input method uploads user input to the cloud server to help users improve their input experience. In effect, it guesses your interests and places ads based on the user’s input habits. In this process, privacy leakage has always been inevitable.
If the user allows “full access,” the input method can not only take all of your input data, but also your location and address book information and send it freely to the input method’s own server.
And as long as full access is enabled, even if permissions are later turned off, the input method may record the input locally and upload it to the developer server when permissions are turned on again.
Yin xiaowei found that if users turn on the “full access” permission, third-party developers can obtain a large number of users’ personal information, including: geographic location, photos, bank accounts, credit card phone numbers, street addresses and other personal data…
Full access “≈ full disclosure
1. Expose physical characteristics
(Photo + Sound = Physical characteristics)
After third-party input methods gain access to microphones and photo albums, users may be exposed to the risk of physiological information leakage. In particular, the current biotechnology, voice password, face recognition and other technologies are in the savage growth stage, the internal mechanism is not perfect.
Once physical features such as facial features, pupils and voice color are revealed to criminals, illegal activities such as swiping bank cards, cracking account passwords, hacking accounts and changing payment faces become easier. Criminals can still pass through later stages. The AI face synthesis technology uses collected face and voice data to synthesize pornographic videos.
In late 2019, for example, the short-lived face-changing app ZAO created dynamic face-change videos simply by uploading photos with clear facial features. The level of vividness is almost natural.
Foreign netizens are using deep learning open source libraries to replace the faces of the main characters in pornographic films with female stars. Famous actresses like Gal Gadot, Scarlett Johansson and Taylor Swift have painted brutal portraits of human rights abuses.
Recently, One-day Camera and Sogou Input method attempted cross-border cooperation for the first time by launching a “DIY Super sweet magic skin” campaign.
Users can import beautiful photos taken with the “Yida camera” into sogou input method, and then create their own input method skin. Just two days after the campaign went live, they got more than six million hits. According to the sky camera has the advantages of face key point recognition, human key point recognition, human segmentation and 3D face reconstruction. Its parent company is Internet giant Kuaishou.
Capital + technology + data can do almost anything they want, playing with user data.
2. Give away your location
Each time the user wakes up the input method (when the input method is used), the dog input method will locate once.
Input method has high frequency of use and user stickiness. When we use a mobile device (such as a cell phone), it is typed almost all the time, so there is no doubt that geolocation information will be leaked.
However, getting a crude IP address is sufficient for most service requirements. Why would a dog input system need to monitor people’s every move in real time?
3. Exposing your mobile phone id card
The Imei is the unique identifier of the phone, which corresponds to the phone model and owner information. In the case of Apple phones, most of our Apple ids are our real names tied to other personal information, such as mobile phone numbers and email addresses.
Losing your iMEI is just like losing your ID card.
Note: [IMEI] The International Mobile Equipment Identification Number (IMEI), commonly referred to as the serial number of a mobile phone, i.e. the “serial number” of a mobile phone, is used to identify each individual mobile phone in the mobile phone network, etc. Mobile communication equipment.
(One weird interface)
4. Expose chat logs and “secrets”
Each time a punctuation mark is entered, the text is transmitted to a dogcloud server.
Our daily chat records not only involve personal identifying information, family information and so on, but also discuss many personal topics with friends, relatives and lovers.
Trade secrets and encrypted documents come into play, think these information is easy to control, even the information you forget or delete, are chilling, input method will help you remember!
The new machine has been pre-installed and “first class” overlord terms
Input method application terminal based on smart phone. Each input platform already has deep partnerships with smartphone manufacturers. ] – Styles preempt user resources.
The Sogou input method works with some models from Samsung, Xiaomi, OPPO and Vivo. Iflytek input is a pre-installed input application for certain models of Xiaomi, OPPO and Hammer.
Baidu input works with handset makers such as Huawei, Vivo and OnePlus.
In 2019, Apple iOS 13 and the new iPad OS began to support the installation of third-party input methods, which are the most commonly purchased mobile brands in our daily life, almost the entire mobile market.
As of the third quarter of 2019, the number of active users of third-party input methods in China reached 771 million, accounting for 75.9 percent of the entire network.
The network penetration rate of input methods is only lower than that of application management (94.9%), system tools (81.2%), and map navigation (77.6%), and even higher than that of browsers (60.0%) and utility web tools (54.2%). (Data source: Analysys)
Needless to say, the Big Three have crept into everyone’s life.
It is worth mentioning that the default interface of Apple’s phone is very similar to the input method that comes with Apple, making it difficult for users to tell the difference.
McLuhan once said that “the medium is an extension of humanity”. That prediction has clearly come true. Mobile phone is the part of “body” of modern, input method has become a kind of rigid demand, it is because of the special relationship, third-party input method can use the user’s hand to collect the user’s mobile phone number, address book, face, voice, mobile phone imei code, network status, and a large number of real-time positioning data, etc., This data is then used to accurately portray user profiles and social relationships.
Information elements
Information elements
The results of
IMEI
Mobile phone models
Judge the level of consumption
The network status
Real-time positioning and secondary confirmation of location information
Mobile phone no.
Address book analyzes social networking photos
Voice collection biometric real-time location
people
Monitor your location in real time
You have to ask, what happens when you leak this information?
1. Commercial realization
As a tool property software, the commercial profit channels of third-party input methods are very limited. The main revenue methods include rewards for C-end users, advertising marketing and enterprise-level services for B-end users, and the revenue structure is very fragile.
The main currency channel of the input method platform is as an inflow port, and its revenue comes from advertising and marketing.
Given the stickiness of input methods and users, collecting user data becomes very advantageous. Through user big data analysis, accurate advertisements can be placed to earn advertising fees, and through cooperation with commercial platforms to establish consumer portals, so as to deceive you into directly buying, buying, or even selling user information.
2. Passwords are no longer secret
When using the dongle input method, all the information you enter more than three times can form a content memory, so that users can automatically associate the complete information next time.
When we use mobile phones in our daily life, we will repeatedly enter “mobile phone number, name, password, ID number, bank card number and password and other common information”.
In the daily operation of the company, repeatedly input employees’ “salary, password, encrypted files, trade secrets, patent information”;
“Various government documents” are also reused in government work. Password input… These information input methods have helped us remember them automatically.
However, if this information is not properly protected, how can we ensure the safety of the lives and property of individuals, companies and countries? How to maintain research achievements and intellectual property rights? Your hard work can be stolen by hackers by immediately hijacking the input method.
Loan shark product – a dog borrows money and is a day late to break the address book
One anonymous consumer reported, “The interest rate is too high and it’s putting a financial strain on me, so I can’t use it. As for complaints, let the platform solve them for me. In any case, it helps other users too. I hope the dog can correct it.”
($3,000 in nine instalments with 385 paid each)
When a dog borrows money, it’s not just usury. In addition, the debit locates and monitors the user data from its input methods.
Even broke into the borrower’s address book – borrowers overdue only a day after, they will one by one harassment of the borrower’s address book friends, borrowers will inform them of the loan situation, and gave the parties and their relatives and friends caused great trouble.
According to the cases investigated, some borrowers have annual interest rates of more than 90 percent
(Annual interest rate for both cases)
The scariest part is that real-time location of the input method is almost everywhere. When a victim reports a dog for a loan, the dog INPUT also monitors its location and boldly makes up for it if it is not a law-based society. Will people sit at home and disaster will come from heaven?
(When the victim complained, she was being forcibly positioned by a dog.)
The borrower fell behind on his payments in just one day, and his family and friends were getting calls from dog loan sharks in his personal address book, embarrassing the borrower!
How much information does the input method steal?
Based on the publicly available data from the manufacturers of the second-line input methods, let’s calculate how much information they steal.
The second line input method alone can collect 1,051 billion words per year, 35.560 billion phonetic words?
For the first line input method, this number increases geometrically only.
Do you think only the input method can do this?
Error!
It’s the manufacturer. Now take the second line of input product as an example. Almost all of their products have problems in one way or another. As soon as you use one of these, your privacy is lost. Placed in.
Let’s take a look at another recording product of the mono recorder:
A single user’s recording file can be listened to by using a specific search method in a search engine.
What can you do as a user?
- Android recommends using open source input methods. Apple’s default input method is a little more secure than other third-party ones on the market;
2. If necessary, do not have full access permission.
3. If you must turn on full Access, call the phone’s original input method when entering key, confidential and private personal information.
4. Pay close attention to information related to privacy protection, timely report privacy leakage, and actively use legal weapons;
5. Maintain a proper privacy attitude. Don’t condone or condone any privacy leakage, let alone put yourself in a compromising position.
One of the obstacles to the development of AI technology is the lack of rich and detailed user data, precisely when protecting user privacy is at odds with the development of technology.
In China, due to the lack of awareness of personal privacy protection, many companies take the risk of revealing their own privacy to gain technological dividends. The leading companies in the input market are more or less exposed to privacy breaches.
How to win users and gain higher user loyalty through more complete and optimized services is the common theme of all third-party input method platforms, and the protection of privacy is bound to be a problem. It should be.