WeChat secretly accesses photo albums. Are these apps really that rebellious?

[[428187]]

I don’t know if you guys still remember that in the push notifications two days ago, we put a piece of news about WeChat reading user photo albums in the background in the big news, which caused quite a bit of discussion online at the time.

That night, WeChat was badly criticized in the backstage comments...

This incident was first exposed by a blogger named Hackl0us, who found that apps such as WeChat, QQ and Taobao on his mobile phone repeatedly read user photo albums in the background.

According to the blogger, he used an app called “Privacy Insights” and combined it with the new feature of iOS 15 “Record App Activity” to read the App’s permission usage records.

As a result, he found that WeChat would read user photo albums in the background when not in use, and each reading time could take from 40 seconds to 1 minute.

WeChat also responded later, stating that the iOS system provides developers with a feature called "Album Update Notification Standard Capability", which will notify the App when the album content is updated, so that preparations can be made in advance, and this preparation behavior will be recorded as reading the album.

Simply put, WeChat wants to predict our operation, but this operation will be regarded by the system as reading the photo album, and it happens without the user's knowledge. . .

On October 9, the blogger posted again, saying that the WeChat team had contacted him and said that the image selector would be changed.

Shichao went to the App Store today and found that WeChat had indeed been updated, but it was a small update with the version number unchanged.

Therefore, Shichao thinks that the poor friends don’t need to panic too much. According to the official response of WeChat, combined with the function that this operation is intended to achieve, it is possible that everyone has really misunderstood WeChat. . .

Because this operation performed by WeChat is completed locally, and the functions implemented are mostly to quickly pop up the photos you may want to send when you click the plus sign.

But this only shows that WeChat's operation is predicting our photo-posting behavior, but there is not enough evidence to say that it is peeping into our photo albums.

Moreover, Apple's official documentation also mentions that there is an interface in iOS for observing album changes.

The function of this interface is that when the iOS system finds that the album has been updated, it can wake up the App when the user is not using the phone, allowing the App to get up in the middle of the night to predict the photos.

But if we want to discover their little movements it's actually very easy.

This incident was achieved through App Privacy Insights and the new feature of iOS 15 "Record App Activity".

First download Privacy Insights, and turn on “Record App Activity” in the privacy settings.

Next, click “Store App Activity” in the privacy options and select “Import to Privacy Insights” to see what permissions the apps use.

Shichao took a look and found that the WeChat access records were indeed as the news said, with a lot of them reading photos.

On the Android side, it is easier for users to view App behavior, because many domestic manufacturers have now integrated privacy protection functions directly into the system.

For example, MIUI 12 can not only view and modify the permissions of all applications, but also directly read all application behavior records, and display them in the form of a timeline, so that you can see at a glance which app uses what permissions.

Let’s take a look at ColorOS next door. The permission management there is also very detailed. Everything from positioning to floating windows can be set individually. If you are not satisfied with the permission requirements of a certain application, just turn it off.

ColorOS now also supports viewing detailed permission usage records. Shichao did not find WeChat viewing the photo album, but it often "tries to read location information"...

Shichao doesn’t usually post his location, and he doesn’t add location information when posting to Moments. The only thing he can think of is to make the advertising in Moments more accurate. . .

Next is the privacy management master Flyme, which not only has application behavior records like MIUI, but also can set sensitive permission reminders.

It can be seen that the above systems do a good job in terms of privacy. They can list what each application has done, just like the Privacy Insights App.

This is also one of the best improvements made by domestic manufacturers in the system in the past two years. Even if I can't control you, I will tell users what you have done secretly.

But what you can actually do is more than just checking the records. Sometimes, just by moving your fingers and making simple settings, you can minimize the risk of your privacy leakage.

Trust Shichao, managing app permissions is really simple...

For example, in iOS 15, you can set access permissions for apps individually in settings, such as allowing access only to selected photos, or turning off background app refreshes.

You can change some apps that do not require frequent location usage to require a prompt every time you use them, or simply turn off precise location.

If you are an Android user, it will be easier, because the current Android phones have a higher level of privacy management than you think. . .

For example, not only can you view all application behavior records through MIUI 12, but you can also use many tools to protect privacy.

You can also make detailed settings for the permissions of an App separately. For example, in ColorOS 11, Shichao can change WeChat’s location information from “Allow when using” to “Ask every time you use it”.

Almost all mainstream mobile phone systems now have such setting options. If you think the permissions of an App are unnecessary, you can change it to ask when using it, or just turn it off directly.

If you think it's too troublesome to ask every time, you can just change it back~

For example, Huawei's HarmonyOS has a more detailed special access permission, where you can find some rarely used and unpopular permissions, but you can set them all. This operation deserves a thumbs up.

This kind of in-depth and detailed permission setting is not unique to HarmonyOS. Different systems will have different permission settings. You can go to the settings of your mobile phone and take a good look at it, and turn off a few unnecessary permissions.

So to sum up, today's mobile phones have actually made great progress in terms of privacy, especially domestically produced customized systems, which have almost achieved all-round management of application permissions at the system level.

But many users are not aware of this and are still being arbitrarily "slaughtered" by apps. In fact, everyone can completely avoid the unreasonable demands of some apps.

Doing so cannot completely eliminate rogue behavior, but it can reduce the risk of privacy leakage to a certain extent, save mobile phone power, and ensure the user experience.

But no matter how much more mobile phone manufacturers and users do, Shichao can judge that this privacy debate is not the first, and it will definitely not be the last.