
"Privacy Radar": From which dimensions does it test system security? We asked the front-line programmers.

36Kr Brand, 2024-12-24 21:52
Security problems brought about by technological progress must ultimately be solved through technological progress as well.

The question may sound clichéd, but: "Is your cellphone really safe?"

On December 3rd, the Ministry of Industry and Information Technology reported that 27 apps had violated users' rights and interests, involving a large number of issues such as illegally collecting personal information and excessively requesting permissions. The app developers were required to make corrections within a limited period.

On December 12th, the Cyberspace Administration of Yuelu District, Changsha City, summoned the persons responsible for 10 applications that had illegally collected and used citizens' personal information to a group interview, and reported the problems and hidden dangers found in how each app and WeChat mini-program collected and used that information.

Even earlier, since the beginning of this year, FaceTime phone fraud cases enabled by leaked personal information have occurred frequently across the country, and many people in multiple locations have suffered property losses. The police eventually went so far as to suggest that users turn off FaceTime to reduce the risk of fraud.

So, back to the initial question - "Is your cellphone really safe?"

From face-recognition data to resumes on recruitment websites, from personal location information to bank account passwords, an ever larger share of personal private data is now stored on cellphones. The criminal risks that derive from this are growing day by day. Data security has become a nationwide focus in recent years and is a "frequent visitor" at the CCTV 315 Evening Gala.

Malware and telecom fraud bear the brunt of this and are also the main targets of enforcement.

However, privacy infringements in the "gray area", such as excessive collection of personal information and improper permission requests by non-compliant apps, have long been overlooked.

Often, when an app requests album, location, and text-message permissions and the user taps "Agree", all of that sensitive information is exposed the moment someone breaks into the app developer's backend.

What is even more frustrating is that, sometimes, even a small number of legitimate apps whose developers have no intention of stealing personal data through system vulnerabilities can still leak users' personal information across the entire network ("running naked", as the Chinese idiom puts it) because of flaws in the app's architecture, backdoors in third-party SDKs, and similar causes.

The number of apps worldwide is effectively uncountable, so investigating and regulating them one by one is obviously impossible. Beyond calling on users to raise their own awareness, solving these problems at the root means starting from the cellphone's underlying operating system, cutting off the vulnerabilities at their source, and protecting users' personal safety there.

On November 26th, Huawei released the latest flagship cellphone Mate 70 series, which can be equipped with the domestically developed and self-researched native Hongmeng operating system. Huawei announced that starting from next year, all new Huawei cellphones and tablets will be directly equipped with the native Hongmeng. This has once again pushed the popularity of the native Hongmeng to a new high.

The native Hongmeng system reconstructs the security system and order of the operating system, launches the Xingdun security architecture, provides system-level security guarantees, and re-constructs a complete security and privacy protection system from the system layer, framework layer, and application layer in a hierarchical and comprehensive manner.

For ordinary users, this obscure terminology may not be easy to understand. Then, the most intuitive presentation method is - video evaluation.

Who can "avoid" the privacy radar?

In response to the excessive permission collection and privacy-protection loopholes that have been pointed out on traditional Android manufacturers' phones, the programmers of the Technology Channel's [Lin Yi LYi] team developed an experimental app called "Privacy Radar" for both the native Hongmeng and Android systems, to compare how each system hands private data to the app.

In other words, by imitating users' everyday habits, the test shows how much of what is on your cellphone an app's backend developers can see on the native Hongmeng versus on Android.

First, a survey of commonly used apps such as Taobao, WeChat and Alipay shows that the permissions they request fall mainly into three categories; "Privacy Radar" requests the same permissions through the usual pop-up dialog:

1. Access authorization: albums, files, contacts, call records, text messages.

2. Function authorization: camera access.

3. Basic-information authorization: cellphone hardware information, list of installed applications.

First, let's look at the Android aspect:

In this evaluation by the [Lin Yi LYi] team, three different Android cellphones were used, but unfortunately, almost all of them failed.

Once the user taps "Agree" in the pop-up, the phone's private photos, contacts, call records, bank and carrier text messages, and registration notices from various websites are all visible at a glance in the app backend.

The cellphone album is a particular privacy concern: from the app backend the programmers could pick any photo at will and zoom in on it. Anyone in the habit of photographing card numbers and passwords to remember them should be especially careful.

And even if users are careful about what they photograph, camera access itself is an "invisible security loophole" that is hard to guard against.

QR code scanning is a risk point with an extremely high daily usage frequency.

A small change to the QR-scanning code in the Privacy Radar app makes the phone save every image captured during the scanning process. Many Android phones neither warn the user nor raise an error, so the app backend can quietly keep all of that image content, and users have almost no way to notice.

Then, let's look at the native Hongmeng aspect:

One of the biggest differences between the native Hongmeng and other operating systems such as Android is that its core concept of privacy and security has changed from "managing permissions" to "managing data".

An example makes the concept clearer:

In the native Hongmeng system there is no permission pop-up. The system does not open all of the phone's photos and contacts to the app; it opens only the content the user has selected.

And from the user's point of view this is "imperceptible": the flow feels no different from before.

Some Android and iOS versions also offer a setting that lets an app read only some content, but every time the user wants to add new content they must manually enter the system settings, find the app, turn on the switch, add the pictures by hand, leave the current app and re-enter it. The whole process is very cumbersome.

On the native Hongmeng, the user still sees all their photos in the selection interface and picks freely, but the system builds an invisible "privacy wall" between the interface shown to the user and what the app can read. The app can read only the content the user selected; it sees nothing else.
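The "privacy wall" described above is a scoped-grant model: the picker runs on the system side and sees the whole album, while the app receives only a per-item handle for what the user tapped. The Go program below is an added illustration of that pattern written for this article, not code from HarmonyOS, Android or the Privacy Radar app; the MediaStore, Grant and app-ID names, and the three sample photos, are constructed for the example. It contrasts a token-bound Read with the ambient-permission outcome the test observed on Android, where one "Agree" unlocks every photo.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
)

// Photo is one item in the system-owned album (constructed sample data).
// The app never receives this struct directly.
type Photo struct {
	ID   string
	Data []byte
}

// Grant is all an app gets back from the picker: an unforgeable random token
// bound to one app and one photo ("a chair if you ask for a chair").
type Grant struct {
	Token   string
	PhotoID string
}

type grantRecord struct {
	appID   string
	photoID string
}

// MediaStore models the system side of the privacy wall: every photo, plus
// the table of which token lets which app read which photo.
type MediaStore struct {
	photos map[string]Photo
	grants map[string]grantRecord
}

var ErrDenied = errors.New("access denied: no grant for this app and photo")

func NewMediaStore(photos []Photo) *MediaStore {
	s := &MediaStore{photos: map[string]Photo{}, grants: map[string]grantRecord{}}
	for _, p := range photos {
		s.photos[p.ID] = p
	}
	return s
}

// ListForPicker is what the system's own picker UI shows the user: the full
// album. This runs in the system process, never in the app.
func (s *MediaStore) ListForPicker() []string {
	ids := make([]string, 0, len(s.photos))
	for id := range s.photos {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return ids
}

// UserPicks models the user tapping photos in the picker. For each picked
// photo the system mints a fresh random token tied to the requesting app.
func (s *MediaStore) UserPicks(appID string, picked []string) ([]Grant, error) {
	grants := make([]Grant, 0, len(picked))
	for _, id := range picked {
		if _, ok := s.photos[id]; !ok {
			return nil, fmt.Errorf("picker: unknown photo %q", id)
		}
		raw := make([]byte, 16)
		if _, err := rand.Read(raw); err != nil {
			return nil, err
		}
		tok := hex.EncodeToString(raw)
		s.grants[tok] = grantRecord{appID: appID, photoID: id}
		grants = append(grants, Grant{Token: tok, PhotoID: id})
	}
	return grants, nil
}

// Read is the only way an app obtains photo bytes. It succeeds solely when the
// token was minted for this app and this photo; a token copied from another
// app, or pointed at a photo the user did not pick, is refused.
func (s *MediaStore) Read(appID string, g Grant) ([]byte, error) {
	rec, ok := s.grants[g.Token]
	if !ok || rec.appID != appID || rec.photoID != g.PhotoID {
		return nil, ErrDenied
	}
	return s.photos[rec.photoID].Data, nil
}

// ReadAllAmbient models the Android outcome from the test: one "Agree" on a
// storage permission unlocks the whole album for the app.
func ReadAllAmbient(s *MediaStore, permissionGranted bool) ([][]byte, error) {
	if !permissionGranted {
		return nil, ErrDenied
	}
	var all [][]byte
	for _, id := range s.ListForPicker() {
		all = append(all, s.photos[id].Data)
	}
	return all, nil
}

// DemoAlbum returns three constructed sample photos.
func DemoAlbum() []Photo {
	return []Photo{
		{ID: "IMG_0001", Data: []byte("photo-1-bytes")},
		{ID: "IMG_0002", Data: []byte("photo-2-bytes")},
		{ID: "IMG_0003", Data: []byte("photo-3-bytes")},
	}
}

func main() {
	store := NewMediaStore(DemoAlbum())
	const app = "com.example.privacyradar" // hypothetical app ID
	grants, _ := store.UserPicks(app, []string{"IMG_0002"})
	data, err := store.Read(app, grants[0])
	fmt.Printf("picked photo: %s (err=%v)\n", data, err)
	_, err = store.Read(app, Grant{Token: grants[0].Token, PhotoID: "IMG_0001"})
	fmt.Println("unpicked photo:", err)
	all, _ := ReadAllAmbient(store, true)
	fmt.Println("ambient permission exposes", len(all), "photos")
}
```

The design point is that consent is attached to data items, not to the app: the token is random, bound to the caller, and names exactly one photo, so neither a second app nor a forged PhotoID can widen it. Real platforms implement the same idea with system-hosted pickers and per-URI grants; the model above only makes the enforcement step visible.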

The native Hongmeng also closes the security loophole in the QR-scanning scenario by technical means: its QR-scanning interface lets the app read only the URL or text data obtained after the QR code is decoded.

The native Hongmeng also has an "ultimate weapon": it prohibits side-loading, so APK package files cannot be loaded and installed directly. All apps must be downloaded through the Huawei AppGallery, which applies more than 200 detection capabilities plus manual review by security experts, so that malicious apps are kept out of the system at the source.

What do the programmers say?

After watching the evaluation video, many people will share the same doubt: why do two cellphone operating systems running the same apps differ so much in privacy and security? Is it a technical obstacle that cannot be overcome, or a difference in product-design philosophy?

In order to clarify this problem, we interviewed several senior developers with experience in Android, iOS, and Hongmeng systems, and let the real programmers answer these questions.

First, the biggest difference in the top-level design concept:

Ma Binggang, director of the Technology Development Department at ZOL Zhongguancun Online, told 36Kr that, compared with Android and iOS, the biggest difference in the native Hongmeng's privacy and security design philosophy is that it redefines the rules by which apps obtain user data. "Other platforms hand the app the key to the user's house; the native Hongmeng gives you only what you ask for: a table if you ask for a table, a chair if you ask for a chair, and nothing else, so you can't walk in and carry off the TV."

For nine types of unreasonable permissions, such as reading the list of installed applications, accessing stored files, creating desktop shortcuts and obtaining device information, the native Hongmeng has imposed a blanket ban, which lowers the management burden on users and prevents privacy leaks at the root.

Somewhat surprisingly, the enthusiasm of app developers for these privacy and security protection measures is even stronger than that of many users.

"We are also very troubled by privacy and security issues. Over the past three years we have invested a lot of manpower and material resources in app security and compliance. Beyond the collection of users' sensitive personal information and permission requests, there are also the issues of protecting collected data and sensitive device information," Wu Youshan, technical director of the Technology Development Department at Pacific Technology, told 36Kr.

In fact, developers often have difficulties they cannot voice. Legitimate app developers do not intentionally steal user data, but building an app usually requires many third-party SDKs, and each SDK may contain a line or two of code that nudges the user into agreeing to reads of the installed-app list, text messages, stored files and so on. On Android in particular there is also a large set of device identifiers, such as UDID, UUID, OAID and Android ID. Screening hundreds of thousands of lines of code for all of this is not only time-consuming and labor-intensive; some cases are inevitably overlooked.

"Many apps simply do not need to collect this information, but to block them all, it is necessary to sort out several major types of privacy data one by one and manually turn them off, which is very troublesome." Wu Youshan said.

Therefore, the native Hongmeng's ban on opening nine types of unreasonable permissions, as well as the selective opening of data such as albums, cameras, contacts, personal locations, and clipboard, not only ensures the data security of users from the source, but also saves developers a lot of time and energy for screening and testing.

Moreover, "healthy" apps are sometimes maliciously tampered with by criminals and redistributed online. Users who download these tampered copies may face anything from a screen full of small ads to more serious problems such as privacy leaks and telecom fraud, which has caused the original developers plenty of headaches.

On this point, @Super Xiaohua, an app developer who is also a Bilibili uploader, told 36Kr that the native Hongmeng development process is very different from Android's. "Previously, when doing Android development, once the code was written it could be run on the phone; but on the native Hongmeng, whether it is development, testing or release of the app, there are mandatory signature requirements. Every signature can be traced back to me personally, and users can only download and install it through the Huawei AppGallery. Others cannot maliciously tamper with my application and redistribute it. This protects not only users' safety but also developers' rights and interests."
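The point made above about mandatory, traceable signing rests on two checks at install time: the signature must verify over the exact bytes delivered, and the signing key must belong to an enrolled developer. The Go program below is an added illustration of those two checks written for this article; it is not HarmonyOS's HAP signing scheme, Huawei's AppGallery code, or anything from the developers quoted. The Package and Store types, the Ed25519 choice, the "alice" developer name and the sample bundles are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package is a stand-in for an installable bundle (constructed for this
// example; not a real HAP or APK layout).
type Package struct {
	Name    string
	Version string
	Code    []byte
}

// SignedPackage carries the bundle, the developer's public key and an
// Ed25519 signature over the bundle digest.
type SignedPackage struct {
	Pkg       Package
	DevPubKey ed25519.PublicKey
	Signature []byte
}

var (
	ErrUnknownDeveloper = errors.New("signing key is not enrolled with the store")
	ErrBadSignature     = errors.New("signature does not match package contents")
)

// digest binds name, version and code together so none can be swapped without
// invalidating the signature. Fields are length-prefixed so that field
// boundaries are unambiguous.
func digest(p Package) []byte {
	h := sha256.New()
	for _, field := range [][]byte{[]byte(p.Name), []byte(p.Version), p.Code} {
		fmt.Fprintf(h, "%d:", len(field))
		h.Write(field)
	}
	return h.Sum(nil)
}

// NewDeveloperKey creates a developer signing key pair.
func NewDeveloperKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Fingerprint is the identity the store keeps on file for a developer; it is
// what makes every signature traceable to one enrolled person.
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// Sign is the developer-side step run at build and release time.
func Sign(p Package, priv ed25519.PrivateKey) SignedPackage {
	return SignedPackage{
		Pkg:       p,
		DevPubKey: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, digest(p)),
	}
}

// Store models the app store's registry of enrolled developer keys.
type Store struct {
	enrolled map[string]string // key fingerprint -> developer name
}

func NewStore() *Store { return &Store{enrolled: map[string]string{}} }

func (s *Store) Enroll(pub ed25519.PublicKey, developer string) {
	s.enrolled[Fingerprint(pub)] = developer
}

// Install is the device-side check: refuse anything not signed by an enrolled
// key, and anything whose bytes differ from what that key actually signed.
func (s *Store) Install(sp SignedPackage) (string, error) {
	dev, ok := s.enrolled[Fingerprint(sp.DevPubKey)]
	if !ok {
		return "", ErrUnknownDeveloper
	}
	if !ed25519.Verify(sp.DevPubKey, digest(sp.Pkg), sp.Signature) {
		return "", ErrBadSignature
	}
	return dev, nil
}

func main() {
	pub, priv, _ := NewDeveloperKey()
	store := NewStore()
	store.Enroll(pub, "alice") // hypothetical enrolled developer
	sp := Sign(Package{Name: "com.example.notes", Version: "1.0", Code: []byte("clean code")}, priv)
	fmt.Println(store.Install(sp))
	tampered := sp
	tampered.Pkg.Code = []byte("clean code + injected ads")
	fmt.Println(store.Install(tampered))
}
```

Two failure modes are covered: a repackaged copy with modified code (or a bumped version string) fails the signature check, and a copy re-signed with a key the store has never enrolled is rejected before the signature is even examined. Enrolment is what turns "signed" into "traceable to a person"; verification alone would accept any self-generated key.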

Anyone with development experience knows that, at the system-architecture level, historical legacy produces a lot of unavoidable "shit mountain" code, as the Chinese slang calls accumulated legacy cruft. Many problems, even when they are not insurmountable technical barriers, become very costly to fix because of this long accumulated burden.

"Previously, when doing Android and iOS, we would patch one loophole when we found one security problem. But the native Hongmeng directly abandons many of the previous shortcomings from the source, and integrates many security functions directly, without