Shulou(Shulou.com)11/24 Report--

Thanks to CTOnews.com netizens, soft media new friends 2010825, Coje_He, Monsterwolf for the clue delivery! CTOnews.com news on March 15, March 14, the Central Network Information Office released a test report on the collection of personal information of "browser class" App, testing the collection of personal information of some App widely used by the "browser class" public.

Tu Yuan Pexels this test selected 19 app stores with a cumulative total of 100 million downloads of "browser" App, including Huawei browser, Xiaomi browser, UC browser and so on. This test takes the completion of an Internet information browsing activity as the test unit, including starting App, searching information, accessing information three user usage scenarios, and background silent application scenarios.

For system permission calls, 9 App calls location, device information, clipboard, application list, photo album and other system permissions in 4 scenarios, but no other permissions such as microphone and address book are found.

In the start-up App scenario, the Wukong browser (category 5) calls the most system permissions, and the UC browser calls the most system permissions (88 times). In the search information scenario, the most kinds of system permissions are called by Xiaomi browser and Sogou browser (both types 3), and the most calls are made by Xiaomi browser (12 times). In the scenario of accessing information, when you open the website through the browser, the Wukong browser calls the system permissions the most (category 2, 5 times); when downloading files through the browser, the UC browser and Wukong browser call the system permissions the most (both twice).

According to the upload of personal information, the test found that 9 App uploaded four types of personal information: ① location information, including latitude and longitude, street address, currently connected Wi-Fi MAC address, currently connected base station information, peripheral available Wi-Fi MAC address; ② unique device identification number, including IMEI (International Mobile device Identification number), Android ID (Android ID), OAID (Open Anonymous device Identifier), mobile phone MAC address ③ app list information, including the installed, newly installed and newly uninstalled apps on the phone, and the screenshot operation information of ④ users in App.

The attached test results of CTOnews.com are as follows:

1. The test subjects selected a total of 9 "browser" App from 19 app stores with a total of 100 million downloads, as shown in Table 1.

Table 1:9 App basic information II, test methods (1) test environment

This test selects mobile terminals of the same brand and model, installs the same version of Android operating system, deploys 9 App respectively, and operates synchronously in the same network environment.

(2) Test scenario

Take the completion of an Internet information browsing activity as the test unit, including starting App, searching information, accessing information three user scenarios, and background silent application scenario "²".

(3) content of the test

This test includes three items: system permission call, personal information upload and network upload traffic.

Test results (1) system permission invocation

The test found that 9 App called location, device information, clipboard, application list, photo album and other system permissions in four scenarios, but no other permissions such as microphone and address book were found.

(1) in the launch App scenario, the Wukong browser (category 5) calls the most system permissions, and the UC browser calls the system permissions the most (88 times). The details are shown in Table 2.

Table 2 start App scenario call system permissions (2) in the search information scenario, the most types of calling system permissions are Xiaomi browser and Sogou browser Express version (both category 3), and Xiaomi browser has the largest number of calls to system permissions (12 times). The details are shown in Table 3.

Table 3 search for information scenarios call system permissions (3) in access information scenarios, when opening a website through a browser, the most types and times of system permissions are called by Wukong browser (category 2, 5 times); when downloading files through a browser, the largest number of calls to system permissions are UC browser and Wukong browser (both twice). The details are shown in Table 4.

Table 4 access information scenario call system permissions (4) in the background silence scenario, the most kinds of system permissions are UC browser, quark browser, 360browser and Wukong browser (all category 2), and the most calls are 360browser (16 times). The details are shown in Table 5.

Table 5 system permissions for background silent scenario calls (2) upload of personal information

The test found that 9 App uploaded four types of personal information "³": ① location information, including latitude and longitude, street address, currently connected Wi-Fi MAC address, currently connected base station information, peripheral available Wi-Fi MAC address; ② unique device identification number, including IMEI (International Mobile device Identification number), Android ID (Android ID), OAID (Open Anonymous device Identifier), mobile phone MAC address. ③ app list information, including the installed, newly installed and newly uninstalled apps on the phone, and the screenshot operation information of ④ users in App.

(1) in the App launch scenario, UC browsers (4 categories) upload the most kinds of personal information. The details are shown in Table 6.

Table 6 launch the upload of personal information in App scenario (2) in the search information scenario, Wukong browser (category 2) uploads the most kinds of personal information. The details are shown in Table 7.

Table 7 upload of personal information in search information scenarios (3) in the access information scenario, Xiaomi browser and Wukong browser upload the most types of personal information when opening the website through the browser (both category 2); when downloading files through the browser, the most types of personal information upload are UC browser and 360browser (both category 2). The details are shown in Table 8.

Table 8 access information scenarios upload of personal information (4) in the background silence scenario, the most types of personal information uploaded are UC browsers (category 3). The details are shown in Table 9.

Table 9 upload of personal information in background silence scenario (3) Network upload traffic

(1) when a user completes a website browsing activity (starting App, searching for information, and opening a website), Wukong browser has the most uploaded data traffic, about 1608KB, and Xiaomi browser has the least, about 472KB. The details are shown in figure 1.

Figure 1 average upload data flow of a website browsing activity (unit: KB) (2) 9 App when users complete a file download activity (start App, search for information, download files), the average upload data flow is QQ Browser, about 1994KB, and the least is Xiaomi browser, about 152KB. The details are shown in figure 2.

Figure 2 average upload data flow of a file download activity (unit: KB) (3) Nine App backend silence for 12 hours, the average upload data traffic is the UC browser, which is about 2506KB, and the Huawei browser, which is about 87KB. The details are shown in figure 3.

Figure 3 APCge upload data traffic (in KB) for 12 hours of silence at the backend Note:

The website includes Huawei App Store, Mi Store, Tencent YingYongBao, OPPO App Store, vivo App Market, 360Mobile Assistant, Baidu Mobile Assistant, Pea Pod Mobile Assistant, Legend App Store, Le Store, Meizu App Store, Mobile MM Store, Pacific download, Zhongguancun online, Muant Android App Market, Duote Software Station, Huajun Software Park, Xixi Software Park, and Green Resources Network.

App means that the user clicks the browser icon to start App until the home page loads; search information means that the user searches a website or file until the search results are loaded; access information means that the user clicks a search result to browse (when the search result is a web page) or download (when the search result is a file); background silence means that after the user starts the browser, directly switches to the background to keep silent state.

"³" does not contain interactive information generated by the user's access to the Internet. For example, when users browse a bank website, they may transmit information such as identity card number, bank card number and withdrawal password to the website. In this process, the browser only forwards data to the website in accordance with the network protocol, and does not collect the above information.

Repeat the test 10 times in total.

Repeat the test 10 times in total.

The test was repeated 6 times in total.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.