The collapse of Apple's ecosystem "security persona"

2025-04-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

In Beijing, Shanghai and Guangzhou, the crowded subway during the morning rush hour is also a prime venue for screen peeping.

If the carriage is too crowded for you to pull out your own phone, you are in luck, because you can peek at other people's phones fair and square. In any carriage there are bound to be four or five people reading novels, seven or eight watching short videos, plus a few being affectionate with their boyfriend or girlfriend on WeChat. Over forty minutes, it is much more interesting than playing with your own phone.

But then again, when it is your own phone that passers-by are peeping at, anyone would be angry. And if the one peeping is not a passer-by but the product manager of an app on the phone, or a data analytics company, people will be more frightened than angry.

"Official" screen peeping is the deadliest.

And this "official screen peeping", with a plot straight out of a thriller, has already been staged all around us.

iPhone users will know that the App Store has never allowed third-party screen-capture apps. Before iOS had its own screen-capture function, users could only install screen-capture software by jailbreaking.

Obviously, Apple does this to protect the privacy and security of its users. However, the built-in screen-capture function it introduced in recent years has also given others an opening to exploit.

Recently, the media reported that the apps of Air Canada, clothing brand Hollister and hotel reservation platform Expedia all capture users' screens without permission. These apps share a common third-party data service provider, Glassbox, which supplies them with a screen-capture SDK.

Glassbox, which raised $25 million just last year, openly advertises on its website that its screen-capture SDK can record every interaction within an app, helping companies better understand user behavior and further optimize their products. But the media soon discovered that Glassbox did not mask (desensitize) the captured content, and even recorded users' credit card payment information in full.

Coming on top of the leak of user information at Air Canada last year, this immediately caused a strong backlash from users. They found the tweets in which Glassbox boasted about its business on Twitter and began venting angrily in the comments.

The comments described Glassbox's behavior as a "human nightmare" and said the service should be sold to PornHub. In fact, as early as 2017, Princeton University researchers found a similar situation on the desktop website of drugstore chain Walgreens. When users browsed, bought drugs or entered a search, their actions were recorded by the companies analyzing the data, and so were their credit card payments. Like Glassbox, Fullstory, the data analytics company serving Walgreens, also provides "screen peeping" services to several e-commerce companies.

(Advertorial for a domestic screen-capture analytics service)

Searching around, we found that there are companies in China offering similar data services, and very explicit advertising can be seen on their home pages.

From this we can see that, from mobile to desktop, the harm and the prevalence of "official screen capture" are far beyond what people imagine.

With a three-tier screen-peeping industry chain, is it really worth the risk?

So what on earth can this "official screen capture" model offer brands?

Looking at Glassbox, Fullstory and some local screen-capture data service companies, we find that these enterprises provide functions at the following levels.

The first layer is observing user behavior directly.

This layer is essentially the "basic" service offered by screen-capture data service companies: it lets buyers of the service directly access and watch videos of user behavior. In fact, for most enterprises this kind of service is meaningless, since they do not have the manpower to watch a massive volume of videos. Generally speaking, this layer serves as an appetizer to draw customers into purchasing follow-up services.

The second layer is a heat map that records user behavior.

On the web, many sites already make a habit of recording heat maps of user behavior: they record where the mouse pauses and how often and where users click, to help site owners understand how user traffic and time are distributed across each block of the page. Generally speaking, only search engines have this permission, but combined with screen capture, apps and other web pages can also record heat maps.

The last layer is in-depth analysis of user behavior through machine learning.

If the heat map merely displays the data, the ultimate goal is to use machine learning to analyze that data and predict user intent. This is also the main function of Glassbox, the protagonist of this screen-peeping scandal.

With these three layers, adding AI computation to screen-capture data means that every swipe and touch of a large number of users is gathered together and fed back to the enterprise, telling it which product is more popular, which advertisement held attention longer, and how many users were put off at the final payment page.

In this way, enterprises not only gain strong insight and can continually optimize the product's interactive experience, but can also verify advertising effectiveness and even automatically discover bugs in the page.

The efficiency gains are enough to make brands and third-party data service companies take desperate risks.

It's just that, quite apart from users' own resistance, companies like Glassbox exploit loopholes in the app store and fail to protect and mask user data, which is unacceptable both morally and from a security standpoint.
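The masking step that the captured data lacked, as an added example (not code from Glassbox or from this article): a filter a session-recording SDK could run on every captured input event before upload. The event shape, the field names and the `[REDACTED-PAN]` marker are assumptions made for the illustration.

```javascript
// Added example. The event shape { type, field, value } is a hypothetical
// format for a session recorder, not any vendor's real schema.
const SENSITIVE_FIELD = /(card|cc-?num|cvv|cvc|expir|passw)/i;
// 13 to 19 digits, optionally separated by single spaces or dashes.
const PAN_CANDIDATE = /\b\d(?:[ -]?\d){12,18}\b/g;

// Luhn checksum: separates real card numbers from order ids and the like.
function luhnValid(digits) {
  let sum = 0;
  let dbl = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return sum % 10 === 0;
}

// Free text: replace only digit runs that pass the Luhn check.
function maskCardNumbers(text) {
  return text.replace(PAN_CANDIDATE, (m) =>
    luhnValid(m.replace(/[ -]/g, "")) ? "[REDACTED-PAN]" : m);
}

// Returns a masked copy of the event; the input is never mutated.
function redactEvent(ev) {
  const out = { ...ev };
  if (typeof out.value !== "string") return out;
  if (out.field && SENSITIVE_FIELD.test(out.field)) {
    out.value = "*".repeat(out.value.length); // keep only the length
  } else {
    out.value = maskCardNumbers(out.value);
  }
  return out;
}

function redactSession(events) { return events.map(redactEvent); }

// Constructed sample events (4111... is the standard test card number).
const SAMPLE_EVENTS = [
  { type: "tap", field: "checkout-button" },
  { type: "input", field: "card-number", value: "4111 1111 1111 1111" },
  { type: "input", field: "cvv", value: "123" },
  { type: "input", field: "order-notes", value: "pay with 4111111111111111 please" },
  { type: "input", field: "search", value: "order 1234567890123456" },
];
```

Field-name matching catches the payment form itself, while the Luhn pass catches card numbers typed into fields nobody thought to flag.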

Apple's ecosystem security persona collapses.

In fact, this incident also raises an interesting question: why was the App Store exploited?

Beyond the impact on the company itself and the brands involved, the biggest "victim" of the Glassbox incident is Apple. During this incident, many people dug up the poster Apple displayed at CES a month earlier mocking the security of Android phones.

Apple has had a lot of security problems recently. Six months ago, after the Cambridge incident, the media discovered that dozens of apps in the App Store shared user location information with third parties without the user's permission. In early February, a bug was exposed in FaceTime that allowed a user to be listened in on even when they had not answered the call. The most recent is the screen-capture scandal of the past two days.

Some of these are the doing of app developers (screen capture and sharing location information), and some are flaws that Apple itself cannot shirk (the FaceTime problem).

"Persona collapse" has recently become a popular phrase in the entertainment industry, and now it seems that Apple's "security persona" is also in jeopardy. Apple has always stressed how much it cares about the security and privacy of user data. After the Cambridge incident in particular, Cook even wrote a personal article for Time magazine calling for federal legislation to protect the privacy of users' data. In the iOS 12 update, Apple also specifically emphasized its concern for and commitment to privacy protection. Some media even ran headlines such as "Cook is angry! Forbid app hooligans from claiming permissions". As for using posters to ridicule competitors, that is a minor matter by comparison.

Behind every persona lies one thing: interests are at stake. A large part of Apple's recent emphasis on security and privacy is that it wants to use people's fear about security to offset the negative impact of the closed nature of the iOS ecosystem. The high bar for iOS development, coupled with the App Store's stringent reviews, is indeed less friendly to developers than Android. Emphasizing the security of a closed ecosystem is really a way for Apple to bypass developers and make its case directly from the user's point of view.

Today's situation, on the other hand, shows that Apple's security persona is somewhat "broken". In its current dilemma, Apple may have to find a way to seriously manage its own people.
