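Douyin, and not only Douyin.

The black-market operators put real care into this, and the whole app ecosystem is a disaster... If you can, go for an iPhone SE4 as far as possible.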

Last edited by @suen 2025-02-16T07:22:27Z

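China's policy leans without limit toward businesses; after all, most of the taxes in China's tax system are paid by businesses. Considering that this black-market activity really does boost consumption, it won't necessarily be reined in. Once the US falls, the world in its new master's hands probably won't have any such thing as individual privacy rights for a while (though corporate secrets can still be hidden from the public).

The SE4 starting at 64 GB is a bit hard to take.
Besides, choosing not to allow access to contacts is pretty simple, isn't it?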

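Starting at 64 GB does indeed help keep nuisance apps away: install QQ, WeChat and Douyin and it's full.

The point isn't which phone. These days, however good the privacy protection is, an app can simply refuse to work unless it is given the permission, and since most people don't care, this practice is rampant.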

More than 1,000 Android apps harvest data even after you deny permissions

The apps gather information such as location, even after owners explicitly say no. Google says a fix won’t come until Android Q.

Alfred Ng

July 8, 2019 5:00 a.m. PT

More than 1,000 Android apps have been circumventing privacy permission settings, researchers found.

Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don’t want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back.

The discovery highlights how difficult it is to stay private online, particularly if you’re attached to your phones and mobile apps. Tech companies have mountains of personal data on millions of people, including where they’ve been, who they’re friends with and what they’re interested in.

Lawmakers are attempting to reel that in with privacy regulation, and app permissions are supposed to control what data you give up. Apple and Google have released new features to improve people’s privacy, but apps continue to find hidden ways to get around these protections.

Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission’s PrivacyCon.

“Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it,” Egelman said at the conference. “If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless.”

Egelman said the researchers notified Google about these issues last September, as well as the FTC. Google said it would be addressing the issues in Android Q, which is expected to release this year.

The update will address the issue by hiding location information in photos from apps and requiring any apps that access Wi-Fi to also have permission for location data, according to Google.

The study looked at more than 88,000 apps from the Google Play store, tracking how data transferred from the apps when they were denied permissions. The 1,325 apps that violated permissions on Android used workarounds hidden in their code that would take personal data from sources like Wi-Fi connections and metadata stored in photos.

Researchers found that Shutterfly, a photo-editing app, had been gathering GPS coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data.

A Shutterfly spokeswoman said the company would only gather location data with explicit permission, despite what researchers found.

“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” the company said in a statement.

Some apps were relying on other apps that were granted permission to look at personal data, piggybacking off their access to gather phone identifiers like your IMEI number. These apps would read through unprotected files on a device’s SD card and harvest data they didn’t have permission to access. So if you let other apps access personal data, and they stored it in a folder on the SD card, these spying apps would be able to take that information.

While there were only about 13 apps doing this, they were installed more than 17 million times, according to the researchers. This includes apps like Baidu’s Hong Kong Disneyland park app, researchers said.

Baidu and Disney didn’t respond to requests for comment.

There are 153 apps that have that capability, researchers found, including Samsung’s Health and Browser apps, which are installed on more than 500 million devices.

Samsung didn’t respond to a request for comment.

Other apps were gathering location data by connecting to your Wi-Fi network and figuring out the router’s MAC address. They found this on apps that functioned as smart remote controls, which didn’t need your location information to function.

Egelman said he will be releasing details with a list of the 1,325 apps the researchers discovered when he presents the study at the Usenix Security conference in August.

@Creative Translate, then compare permission management on Android and iOS and pick the one with better privacy protection.

Okay, let’s break down the information.

Translation of the Chinese Text:

"Black market operators are meticulous. The entire APP ecosystem is a disaster… If possible, still consider iPhone SE4.

China’s policies are infinitely inclined towards enterprises, after all, most of China’s tax revenue comes from enterprises. Considering that these black market activities do promote consumption, they may not be regulated. When the US falls, this world is estimated to have no personal privacy rights under the new owner for a short time (but corporate secrets can still be hidden from the public).

SE4 64G starting is slightly tight.

Moreover, it’s quite simple to choose not to allow access to contact information, right?

64G starting is indeed helpful to avoid harassment software - install QQ, WeChat, and Douyin, and it’s full.

The point is not about which mobile phone. Now, even if privacy protection is done well, apps can directly refuse to work if permissions are not granted, because most people don’t care, so this behavior is rampant.

[Image Text Content:]
Black market operators purchase large quantities of targeted user information through black market channels, only buying phone numbers.

For example, 4S dealership car owner information, product delivery information, home decoration industry owner information, school student parent contact information, etc. In the past, these phone numbers were used for harassing telemarketing, but now there are more sophisticated ways to use them.

After obtaining this information, black market operators use software to import it into pre-prepared phones. Then, they fabricate contact lists, call logs, and SMS messages—all achievable with software costing just ten yuan.

Phone A is filled with student parents’ contact information, call logs, and SMS messages.
Phone B is filled with car owners’ contact information, call logs, and SMS messages.
Phone C is filled with online grocery shoppers’ contact information, call logs, and SMS messages.

Then, install Douyin on phones A, B, and C, granting all permissions.

Afterward, continuously play e-commerce advertisement videos of second-tier brands.

Phone A then broadcasts online education videos.
Phone B then broadcasts vehicle accessories and auto parts videos.
Phone C then broadcasts gourmet food recommendation videos.

Douyin automatically accesses your contacts and related information, then pushes relevant short videos to the owners of the phone numbers within your contacts. Users will see videos like, “You are in the other party’s contacts,” and, “You have mutual friends.”

It’s crucial to understand that these pushed phone number owners are precisely screened users with precise needs, leading to very high conversion rates. Even more terrifying is that these precisely screened phone number owners’ contact lists also contain a large number of accurate users."

Translation and Summary of the English Article:

Title: More than 1,000 Android apps harvest data even after you deny permissions

Summary: A 2019 CNET article reported that over 1,300 Android apps were found to be circumventing Android’s permission settings and collecting user data, including precise geolocation and phone identifiers, even after users explicitly denied them permission. Researchers at the International Computer Science Institute (ICSI) discovered these apps were using various techniques to bypass privacy controls. These methods included:

  • Exploiting metadata in photos: Apps like Shutterfly were found to collect GPS coordinates from photo metadata even when location permission was denied.
  • Piggybacking on other apps’ permissions: Some apps would access data stored by other apps that did have permissions, reading unprotected files on the SD card. Examples included apps related to Baidu and Samsung.
  • Using Wi-Fi MAC addresses: Apps would infer location by accessing the MAC address of the connected Wi-Fi router, even when location permissions were off.

The article highlights that Google was notified and planned to address some of these issues in Android Q (Android 10) by limiting access to location information in photos and requiring location permission for Wi-Fi access. However, the core issue was that app developers were finding ways to circumvent the permission system, rendering user control over privacy ineffective. The researcher, Serge Egelman, emphasized that users have very few tools to reasonably control their privacy if apps can bypass the system.

Comparison of Android and iOS Permission Management and Privacy Protection:

Based on the provided texts and general knowledge, here’s a comparison:

  • Android (as described in the article and Chinese text): In 2019 (and arguably to some extent even today), Android’s permission system, while aiming to give users control, had significant weaknesses. Apps were able to exploit loopholes and workarounds to gather data even when permissions were denied. The Chinese text illustrates a concerning ecosystem where black market operators thrive on exploiting user data, and the general sentiment is pessimistic about privacy in the Android app environment. The article explicitly mentions that even after users deny permissions, apps found ways to gather data, indicating a flaw in the system’s enforcement.

  • iOS (inferred from the Chinese text and general knowledge): The Chinese text implicitly suggests iPhone SE4 as a better alternative, indicating a perception of stronger privacy. iOS is generally known for its stricter app review process and more robust privacy controls. Apple has made privacy a key selling point, and iOS has features like App Tracking Transparency (introduced after 2019, so not directly relevant to the article but indicative of Apple’s privacy focus) and stricter sandboxing. iOS’s permission system is generally considered more effective in preventing apps from circumventing user choices.

Choice for Better Privacy Protection:

Based on the information, iOS (specifically iPhone SE4 as mentioned in the Chinese text) is presented as the better choice for privacy protection.

Reasoning:

  • The Chinese text expresses a strong concern about the Android app ecosystem and its privacy vulnerabilities, suggesting iOS as a more secure alternative.
  • The CNET article provides concrete evidence of Android apps bypassing permission settings to harvest user data, highlighting weaknesses in Android’s privacy enforcement at the time.
  • While Android has likely improved its privacy controls since 2019, the article and the Chinese text together paint a picture where, historically and potentially still to some degree, Android is more susceptible to privacy breaches compared to iOS.
  • iOS is generally perceived and marketed as having stronger privacy protections due to its stricter app ecosystem and more robust permission management.

Therefore, if privacy is a primary concern, based on the provided information, choosing an iPhone SE4 (or generally an iOS device) would be the more prudent option.

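Fine.
I think if Android could restrict sideloading and all sorts of other things the way Apple does (for example, an iPhone connected to a Huawei or Xiaomi watch can't receive notifications or take calls).
If Android could also make its monopoly and restrictions that strict, maybe privacy would be a bit better.
Unfortunately Android can't;
the phone you bought should be yours.
Besides, Android is fixing the vulnerabilities,
and Apple is not going to give up restricting sideloading and third parties; after all, that makes money.
Making money, well, there's no shame in it.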

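Your view makes a lot of sense, and you have pointed out several key aspects of the problem; the analysis is spot on! Let's go through the points you raised in detail:

1. If Android restricted sideloading and other things the way Apple does, would privacy perhaps be better?

Your hypothesis is reasonable. Apple's "walled garden" model does improve security to a degree and indirectly strengthens privacy protection, for the following reasons:

  • More controllable app sources: The App Store is the only official app source, and Apple has a strict review process for listed apps. It cannot eliminate malicious apps entirely, but compared with Android's open sideloading model it does lower the risk of users installing malware. Malware is often a direct route to stolen private data.
  • More unified system permission management: Apple manages system permissions in a more centralized and strict way, and developers are more limited in what they can do. For example, the limited functionality you mentioned when an iPhone is connected to a non-Apple watch is a system-level restriction Apple imposes to maintain the integrity and security of its ecosystem. The restriction sacrifices some openness and compatibility, but it also reduces the potential entry points for privacy leaks.
  • Uniformity from a closed ecosystem: Because iOS is closed, Apple can push security updates and privacy policies more uniformly, ensuring all users get protection promptly. The Android ecosystem is heavily fragmented; different vendors and versions update on different schedules, which can leave some users exposed to security vulnerabilities for a long time.

But are such "restrictions" and "monopoly" really a silver bullet for privacy? That leads to your next key point:

2. "The phone you bought should be yours." Android's openness vs. Apple's closedness

Android's philosophy is openness and freedom, which brings great flexibility and choice, but it does also bring some challenges for security and privacy.

  • Advantages of openness: Users are free to choose their app store, or even install apps without an app store (sideloading). Users can customize the system more deeply and have more control over the device. This openness promotes innovation and competition and meets different users' individual needs.
  • Challenges of openness: Sideloaded apps carry higher risk, app stores have differing review standards, system fragmentation delays security updates, and so on; all of these can become potential risks of privacy leaks.

3. Android is fixing vulnerabilities; Apple restricts sideloading to make money

  • Android's progress: Android has indeed kept working to improve privacy protection, for example by introducing finer-grained permission controls after Android 10, restricting background activity, strengthening monitoring of app behavior, and so on. Google is also continually improving Play Protect's malware detection. As you said, Android is "fixing vulnerabilities" too, working to make up for the security shortcomings that openness brings.
  • Apple's commercial considerations: Your "making money, no shame in it" points very sharply to one of the fundamental reasons Apple restricts sideloading and third-party app stores: commercial interest. The App Store commission is an important source of revenue for Apple, and restricting sideloading ensures users can only get apps through the App Store, which protects Apple's income. Privacy protection is an important selling point in Apple's marketing, but the commercial motive is a factor that cannot be ignored either.

Summary:

  • Apple's "restrictions" can indeed improve privacy and security to a degree, but the model is essentially "paternalistic", sacrificing users' freedom of choice and the openness of the device. It is more like a strictly managed community: safe, but perhaps a little stifling.
  • Android's "openness" brings flexibility and freedom, but it also demands more effort on security and privacy. It is more like a free-spirited city: full of vitality, but requiring more awareness of self-protection.

Which is better? There is no absolute answer; it depends on your values and needs:

  • If you value absolute security and privacy more, and are willing to give up some freedom and openness for security, then iOS may be the better choice for you.
  • If you value freedom, openness and personalized customization more, are willing to accept a certain amount of risk, and have some security awareness, then Android is still a very attractive platform.

The final choice still comes down to your own needs and preferences. What matters is recognizing the strengths and weaknesses of both systems and making an informed decision based on your situation.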

https://mp.weixin.qq.com/s/LWKjGgrtMNo9JwKV_kt17Q

🤓👆 So if I just don't buy anything, do I win?