The Qi'anxin Virus Response Center has released a report on the detection of APP infringement on user rights in the first half of 2023. The report uses the Android dynamic engine QADE independently developed by Qi'anxin to conduct sampling testing on nearly 400000 newly included and updated apps in the national application market in accordance with national laws and regulations, and evaluates the issue of app infringement on user rights.
According to the report, there are 6 apps that infringe on user rights with over 100 million downloads, 76 apps with over 10 million downloads, and 297 apps with over a million downloads. This indicates that the issue of APP infringing on user rights has a very widespread impact, at least affecting hundreds of millions of users.
The report also shows that among apps involving illegal collection of personal information or unauthorized access, apps for leisure and online shopping have the highest proportion of violations, accounting for 29.1% and 14.6% respectively.
The report defines the behavior of a single app collecting personal information twice or more within 100 seconds as "high-frequency collection of personal information". At present, this problem is relatively serious, with 65.7% of apps that collect personal information in violation of regulations collecting personal information frequently. The frequency of collecting personal information on most apps is concentrated between 2 to 5 times, accounting for 62.6%; Next is 6 to 10 times, accounting for 21.5%; The proportion of 11 to 20 times is 9.7%; The proportion of those who have exceeded 20 times is 6.2%. Among them, one app collected personal information IMEI 440 times in just 100 seconds, which is the highest.
Among apps that have the problem of collecting personal information in violation of regulations, 72.7% of apps involve the collection of third-party SDKs. This means that most apps themselves do not engage in illegal collection of personal information, mainly due to the integration of third-party SDKs, which leads to the problem of illegal collection of personal information. Among them, the majority of apps are caused by the integration of a non compliant SDK, accounting for 70.1% of the violations; A small number of apps integrate at least two third-party SDKs that illegally collect personal information, accounting for 29.9%. According to the report, the apps with permission requests mainly come from the Pea Pod app market and the APK8 Android app market, with the most applications for leisure and lifestyle, followed by online shopping. For e-commerce and some lifestyle apps, the more information they collect, the more accurate their user profiles become, the more business activities they can engage in, and the more profitable they can be.
Based on the above data, it can be concluded that under relevant national laws and regulations, the detection rate of infringing user rights apps this time is relatively low. However, in terms of download volume, the impact is still widespread, at least affecting hundreds of millions of users. Therefore, the issue still needs to be further addressed. This inspection also found that some apps engaged in illegal collection of personal information due to the integration of third-party SDKs.
The Qi'anxin Virus Response Center provides suggestions for this issue. After rectification, third-party SDK manufacturers should better guide app developers to quickly upgrade and solve the problem according to the new version requirements, and form a security line with app developers. At the same time, app developers should also have a sense of personal information security, and in accordance with national laws and regulations, do not collect personal information in violation of regulations.
Article Source:https://mp.weixin.qq.com/s/mtBhkNoOMcP5QsxmYOb25w
Yorumlar