Is Chinese people's privacy worthless? Comparison of domestic and foreign apps reveals unexpected results

Recently, App privacy has once again become a hot topic. On the one hand, a certain Internet tycoon's statement that "Chinese people are not sensitive to privacy" has caused a huge uproar; on the other hand, the official media named the widely circulated App "WiFi Master Key" and criticized its privacy leakage issues.

For a while, people were talking about it. After all, everyone is well aware of the severity of privacy leaks in China. Privacy leaks have long become a daily routine in the Internet age, and people are full of resentment about it. This time, they finally found a place to vent their grievances.

Indeed, the problem of privacy leakage in China is extremely serious. Especially after entering the mobile Internet era, various Internet manufacturers have shown their magical powers, making people marvel at how seemingly formal companies can be so greedy.

Especially on the Android platform, apps are extremely ruthless in taking user privacy. How is this specifically manifested? Let's take a look.

The same app, the domestic version actually requires more permissions

If you randomly install an app in China, you will often encounter a headache-inducing list of permissions. I believe everyone has already experienced this in daily use.

However, many people may not know that this phenomenon is often unique to the domestic version of the app. For the same app, the permissions applied for by the international version are often cleaner than those of the domestic version!

This is not an exaggeration. If you have the opportunity to browse Google Play, you will find that some common domestic apps are also listed. However, unlike the domestic versions, these domestic apps listed on Google Play are not as crazy about permissions as the domestic versions.

For example, Tencent has also launched the international version of PlayerUnknown's Battlegrounds: Battlegrounds, "PUBG MOBILE", on Google Play.

But unlike the domestic version, the international version of "PUBG MOBILE" only applied for 14 permissions, while the domestic version of "PUBG: Battlegrounds" applied for 31 permissions! Is this really necessary?

Comparing the two official versions of PUBG, we can find that many privacy-related permission requests do not appear in the international version. For example, the domestic "PUBG: Battlegrounds" will request GPS positioning, modify system configuration, and request boot-up, but these permissions are not requested in the international "PUBG MOBILE".

Is this phenomenon unique to domestic apps? Not really. Some apps from abroad also apply for fewer permissions in their international versions than in their Chinese versions. For example, the Amazon official store app applied for 21 permissions in the Google Play version, while the version released in China applied for 41 permissions.

Why does the domestic version of the same app require more permissions? There are many reasons.

For example, the international version of the App can call the Google service framework to implement functions such as push and recording, but the domestic App does not have this condition - Google Play services are isolated from the domestic market. In order to achieve similar functions, domestic Apps can only use some third-party APIs, and these APIs usually require the App to apply for additional permissions to access.

For example, although Google Play’s privacy policy is relaxed, it still exists, while it basically does not exist in China.

Due to various factors, it is not surprising that the domestic version of the App will request more permissions.

Although some domestic versions of apps request more permissions in order to achieve normal functions rather than to steal privacy, requesting more permissions greatly increases the risk of leaking user privacy - take access to a third-party API as an example, it is difficult to guarantee whether this third-party API will sell out user privacy.

As Google Play cannot be used normally and the domestic unified push alliance has not yet been formed, I am afraid that users will have to endure this situation for a long time.

Do you have a permission management system? No permission is given and no use is allowed

Android has been paying more and more attention to privacy and security issues in recent years. Even the native version of the Android system has now added the permission management system that everyone loves.

By using the system's permission management system, users can control whether an app can use a certain permission. Previously, to use an app, users had to accept all permissions applied for by the app.

The permission control system has become popular. Some users sighed that they no longer have to be raped by apps. But is this really the case?

As the saying goes, the devil is always stronger than the saint. In terms of permission management, domestic apps have staged a typical "every policy has its countermeasures".

You can indeed prohibit some domestic apps from applying for certain permissions, but after doing so, the app may simply refuse to open. That's right, even if there is a permission management system, if you do not accept the app's permission application, you will not be able to use the app even if you install it.

Apps often give a seemingly reasonable reason, such as a certain permission is an indispensable part of the function, and the app can refuse to run without the permission, etc. However, is this reason tenable?

In fact, disabling a certain permission can indeed make the App unable to use the corresponding part of the function. For example, if you deny the App camera permission, then functions such as scanning QR codes will be useless.

However, being unable to use a certain function within an App does not mean that you cannot use the App. If an App cannot call up camera permissions and then refuses to provide you with functions such as web browsing and instant messaging, it seems like an unfair clause no matter how you look at it.

According to common sense, an app should call a certain permission when activating the function involving the permission. However, many domestic apps will check whether the permissions are complete when the app is opened.

For example, when you open an app and scan the QR code before clicking on it, a pop-up box will appear asking for camera permission. It is this abuse of permissions that allows apps to force users to grant certain permissions, rendering the permission management system useless.

Fortunately, fewer and fewer apps use this strategy now. If you want to completely prevent such a situation, I'm afraid users must use a management system that can grant fake permissions to apps. There are similar tools in the Xposed framework.

However, the threshold for such a troublesome method is always too high. If an App is determined not to grant permissions or allow use, I am afraid that most users will still have to swallow the big gift package of permissions.

These apps are very popular in China, but do you know how big the privacy risks are?

It is common for domestic apps to ask for permissions. No matter whether it is a browser app, weather app, or chat app, it would be embarrassed if it didn’t ask for dozens of permissions.

However, some apps are naturally more likely to leak privacy than others. These apps are popular in China, but many people do not notice the dangers involved.

For example, the WiFi Master Key mentioned by the official media this time is a must-have for many Chinese people. The official media believes that the WiFi Master Key will leak important privacy such as WiFi passwords and even leak state secrets.

Subsequently, WiFi Master Key officially responded to the incident, saying that the official media report contained counterfeit content, and WiFi Master Key has always focused on password protection. However, this also indirectly reflects that this type of app is a hotbed for privacy leaks.

Not to mention whether the WiFi Master Key App will leak WiFi passwords, WiFi sharing apps with similar functions have already become ubiquitous. Many friends have installed them and tried to use them to surf the Internet.

However, the reason why such apps can successfully steal the Internet is that they rely on a huge database of WiFi passwords. And is there any privacy in this database that is leaked without the user's knowledge? This is very worrying.

After all, no one can guarantee that all WiFi sharing apps will strictly control the process of WiFi password sharing. The magic of automatically sharing passwords when connected to WiFi, or even trying to crack the router password to obtain further data, is a reality that happens from time to time.

Using some WiFi sharing apps means giving the privacy of your wireless network to the other party, but unfortunately many Chinese people are not aware of this.

In fact, similar situations are not limited to using WiFi sharing apps.

Many Chinese people also like to use some global filtering tools for mobile phone advertisements. The principle of such tools is to use VPN to establish a local gateway to filter all the user's Internet traffic. Through rule matching, this can indeed effectively filter advertisements, but at the same time it also means that all your Internet traffic data is under the eyes of others.

This type of ad-free app did not disappoint, and broke out the scandal of hijacking traffic to push ads (click to view the relevant report). However, for this kind of app with privacy leakage risks, many people are happy to use it, which makes people sigh that the Chinese people have a weak sense of security.

Summarize

Are Chinese people really insensitive to privacy? Various examples show that this is indeed true.

Although many users in China are distressed by the current privacy situation, more people do not care how many permissions the App requests or whether a certain function poses any risks, as long as the software application can work.

However, the laws and regulations on privacy protection have not been improved or effectively enforced. Under such circumstances, the privacy of the Chinese people seems to be particularly cheap.

In this era of mobile Internet, there will be more and more apps and even various technologies that demand more privacy in the name of intelligence. If the leakage of privacy is not effectively controlled, "intelligence" may eventually evolve to the point where it knows you better than you know yourself. Is this a good thing? Let time answer this question.