More than 80% of the respondents have been exposed to information. Consumers Association suggested strengthening corporate supervision.

2024年4月28日 | admin | B2

  China Net Finance August 29th Today, China Consumers Association released an investigation report on the disclosure of personal information of App. In order to more accurately grasp the content scope, possible ways, problem forms, rights protection willingness and other relevant information of consumers’ personal information disclosure, and better safeguard consumers’ legitimate rights and interests, China Consumers Association organized a questionnaire survey on "App Personal Information Disclosure" from July 17 to August 13, 2018. The survey was conducted online, and a total of 5,458 valid questionnaires were collected.

  I. Main findings of the survey

  (1) Over 80% of the respondents have experienced personal information disclosure.

  According to the survey results, the overall situation of personal information disclosure is relatively serious, with 85.2% of people having experienced personal information disclosure and 14.8% not having experienced personal information disclosure.

  Figure 1: Have you ever encountered personal information disclosure?

  (2) Common problems encountered after personal information is leaked: harassing sales calls or text messages, receiving fraudulent calls, and receiving spam.

  According to the survey results, when consumers’ personal information was leaked, about 86.5% of the respondents were harassed by sales calls or text messages, about 75.0% of the respondents received fraudulent calls, and about 63.4% of the respondents received spam, ranking the top three. In addition, some interviewees have received illegal information such as illegal links, and even more, personal account passwords have been stolen.

  Figure 2: Expression of Personal Information Disclosure

  (C) Two key concerns of consumers’ personal information: being used for fraud and theft, and selling or exchanging it to a third party.

  According to the survey results, if the mobile App leads to the disclosure of personal information, the most worrying issue is being used for fraud and theft, accounting for 70.5%. Followed by selling or exchanging to a third party, accounting for 52.4%, being harassed by promoted advertisements accounting for 37.7%, and reputation damage accounting for 6.6%.

  Figure 3: Concerns about personal information disclosure

  (D) Operators’ unauthorized collection of personal information and intentional disclosure of information are the main ways of personal information disclosure.

  According to the survey results, the main way of personal information leakage is that the operator collects personal information without his consent, accounting for about 62.2% of the total sample of the survey; Second, operators or criminals intentionally disclose, sell or illegally provide personal information to others, accounting for about 60.6% of the total sample of the survey, and 57.4% of personal information is leaked due to loopholes in the network service system. There are also criminals stealing and defrauding personal information through Trojan horses and phishing websites, and operators collecting unnecessary personal information, accounting for 34.4% and 26.2% respectively.

  Figure 4: Ways of Personal Information Disclosure

  (5) About one-third of the respondents chose to admit that they were unlucky after the disclosure of personal information.

  According to the survey results, after personal information is leaked, respondents will take various measures to safeguard their rights and interests, such as complaining to consumer associations and relevant administrative departments, and some respondents will choose to negotiate with service providers and give feedback to relevant industry organizations.

  It is noteworthy that in the end, about one-third of the respondents chose to "admit that they are unlucky", which may be based on their inability to cope, on the other hand, they may accept the status quo after failing to cope.

  Figure 5: Measures taken after personal information is leaked.

  (6) Reading the APPlication authority and user agreement or privacy policy when installing and using the mobile app.

  1. In terms of reading habits, the respondents who choose "occasional reading" are the most.

  According to the survey results, when users install and use mobile apps, few people read the application rights and user agreements or privacy policies, and most of them read occasionally and never read. Always reading accounts for 18.1%, often reading 8.2%, sometimes reading 16.4%, occasionally reading 31.2% and never reading 26.2%.

  Figure 6: Habits of reading application permissions and user agreements or privacy policies.

  2. From the reading level, the respondents who chose "probably reading" were the most.

  According to the survey results, among 73.8% of the respondents who have read the application rights and user agreements or privacy policies, only 26.7% of the respondents can carefully read the written descriptions of the application rights and user agreements or privacy policies, less than 30%; Nearly 40% of the respondents will probably read the relevant policies, accounting for the highest proportion; About 20.0% of the respondents will choose to read the key chapters; Some respondents will occasionally check the application rights and user agreement or privacy policy text during the use process.

  Figure 7: The extent of reading application permissions and user agreements or privacy policies.

  3. "You can’t use it without authorization" is the main reason why respondents "never read".

  According to the survey results, among the 26.2% respondents who never read the application rights and user agreements or privacy policies, the main reason for choosing never to read them is that they can’t use them without authorization, and they can only be forced to accept them, accounting for 61.2%. There are also 22.2% of the respondents who trust the App operators, and 16.6% of the respondents think that the contents of the App user agreement are similar.

  Figure 8: Reasons for never reading application rights and user agreement/privacy policy.

  (7) More than 60% of the respondents take measures to fill in some personal information to protect the safety of personal information.

  According to the survey results, respondents mainly protect personal information security by filling in only a part of personal information when using App, accounting for 67.2%. 32.7% chose to turn off personalized services (such as location), 29.5% refused access to software, 24.6% installed relevant protection software, 18.0% used some false information during registration, and 4.9% of the respondents said they didn’t care.

  Figure 9: Personal Information Protection Measures

  (8) The permissions required by App are mainly to obtain location information and access contacts.

  According to the survey results, the right to read location information and the right to access contacts are the most frequently encountered when installing and using mobile apps, accounting for 86.8% and 62.3% respectively. The proportion of respondents who were asked to read the phone records (47.5%), read the short message records (39.3%), turn on the camera (39.3%) and record the microphone (24.6%) was relatively high.

  Figure 10: Permission required to install and use mobile APP.

  (9) Nearly 70% of the respondents believe that mobile apps gain user privacy rights when their functions are unnecessary.

  According to the survey results, it is more serious for mobile apps to obtain users’ privacy rights when their own functions are unnecessary. 67.2% of the respondents encountered this situation, and only 32.8% of the respondents did not.

  Figure 11: Do you get user privacy rights when using the mobile APP without its own functions?

  (10) Nearly 80% of the respondents believe that the reason why mobile apps collect personal information is to promote advertisements.

  According to the survey results, respondents believe that promoting advertisements is the most important reason for mobile apps to collect personal information, accounting for 77.0%. Other reasons were selling and exchanging personal information (45.9%), digging up users’ habits and providing better services (42.6%) and fraud and theft (24.6%).

  Figure 12: Why the mobile App collects personal information.

  (11) The main reasons for personal information security problems in mobile App are weak personal safety awareness and inadequate supervision.

  According to the survey results, weak awareness of personal information security protection and inadequate supervision are the main reasons why respondents believe that personal information security problems occur in mobile apps, accounting for 64.0% and 57.3% respectively. Imperfect relevant laws (39.3%), difficulty in obtaining evidence, high cost of rights protection (24.6%), weak awareness of rights protection (19.6%) and lack of self-discipline in the industry (18.0%) are also important reasons for personal information security problems in mobile apps.

  Figure 13: Reasons for Personal Safety Problems in Mobile APP

  (12) More than 80% of the respondents believe that the current mobile App needs to be strengthened in the protection of users’ personal information.

  According to the survey results, respondents believe that the current mobile App needs to be strengthened in terms of users’ personal information, with 62.3% of respondents thinking it is very necessary and 23.0% necessary, accounting for more than 80% of the total sample of the survey. The proportion of people who think it is unnecessary, unnecessary and completely unnecessary is relatively small.

  Figure 14: The willingness to strengthen the protection of users’ personal information in the current mobile App.

  1. Personal information disclosure is quite serious, and there are various ways and forms of information disclosure. According to the statistical results, the main ways of personal information leakage of consumers are that operators secretly collect personal information without their consent, operators or lawless elements deliberately disclose, sell or illegally provide personal information to others, and there are loopholes in the network service system, resulting in personal information leakage; When consumers’ personal privacy information is leaked, the most common situations are receiving fraudulent calls, sales calls, SMS harassment, spam and so on.

  2. Over-collection of personal information by mobile apps shows a general trend. According to the survey results, there are many kinds of permissions that mobile apps need to obtain, the most prominent of which is to obtain location information and access contact rights; Moreover, the user’s privacy rights are obtained when the function of the App itself is not necessary, which increases the risk of personal information disclosure; Most respondents believe that the reason why mobile apps collect personal information is to promote advertisements.

  3. The frequency and depth of consumers’ reading of mobile App application rights and user agreements or privacy policies need to be improved. According to the survey, more consumers never or occasionally read the text descriptions such as the application rights of mobile App and the user agreement or privacy policy. Moreover, due to the lack of knowledge of network technology and the length of written expression, some consumers will not fully read the written description of privacy policy, or browse it roughly, or read key chapters, and they are not deeply aware of it, and it is easy to miss key information or key descriptions. There are also a large number of consumers who can’t use the App without authorization and have never read the application rights and user agreement or privacy policy of the app.

  4. The countermeasures after the disclosure of consumers’ personal information are insufficient. According to the survey data, after the disclosure of personal information, consumers are most worried about being used for fraud and theft or handing it over to a third party; However, it is worth noting that there are not a few respondents who choose to respond negatively and feel unlucky, and consumers’ awareness of active rights protection needs to be strengthened.

  5. Consumers have a strong awareness of personal information security but lack effective protection means. The survey shows that users protect personal information security by filling in some information, and the weak awareness of personal safety and inadequate supervision are the main reasons for personal information security problems in mobile apps. On the one hand, consumers and mobile App service providers are often in an unequal position, and they can only agree or be forced to agree to format terms and information access rights; On the other hand, although consumers have a sense of self-protection, they don’t know how to protect themselves more effectively, and it is difficult to deal with them effectively.

  Iii. suggestions

  This survey shows that with the rapid development of the mobile Internet, the leakage of consumers’ personal information is not optimistic, and there is a general trend of over-collection of personal information by mobile apps. Consumers have many concerns, but they often lack sufficient effective countermeasures to protect consumers’ personal information and privacy. How to protect consumers’ personal information and privacy, respect consumers’ values and wishes, and make consumers’ personal information and privacy data no longer "streaking" and be reasonably respected and protected is inseparable from the extensive participation and common governance of all sectors of society. To this end, the China Consumers Association suggests:

  1. Improve relevant laws and regulations to provide a solid foundation for the long-term development of the industry. At present, China has issued some normative documents and recommended standards to regulate and guide the collection of personal information by App, but the disciplinary measures and compensation issues that consumers are generally concerned about are not deep enough. It is suggested to further clarify the rights and obligations of both parties in the network information service, especially the obligations and responsibilities of App service providers, do a good job in coping with and judging the risks and problems related to the application of personal information and data, and let the data industry in the network era develop within the scope of the rule of law.

  2. Strengthen the dynamic supervision of enterprises to provide a solid guarantee for the orderly development of the industry. The supervision of mobile App and the protection of personal information need the cooperation and dynamic supervision of the relevant departments such as industrial credit, market supervision, public security, culture and network security. First, strict access threshold and registration and filing, such as the review of developer qualifications, the registration and filing of App, the review of App service functions and contents, and all aspects of violation punishment mechanism should form a linkage to strengthen source governance; Second, severely punish all kinds of violations of laws and regulations, severely crack down on the black industrial chain of personal information trafficking, and form a normalized supervision mechanism for violations of consumers’ personal privacy information; The third is to pay close attention to the development trend of App in the market, such as jointly establishing an App spot check system and a blacklist system, and promptly publicizing the blacklisted software to remind consumers to download it carefully.

  3. Urge enterprises to be self-disciplined and provide internal motivation for the healthy development of the industry. First of all, App service providers must establish the awareness of the first person responsible for consumer rights protection, adhere to the "safety" bottom line, and strengthen the responsibility to protect consumers’ personal information; Secondly, enterprises should obtain user data in a reasonable and legal way, and take effective measures to ensure the safety of users’ personal information and data, and win consumers’ choice and trust with service quality and security guarantee; Third, enterprises should avoid misunderstanding and misreading by consumers in a concise, eye-catching and easy-to-understand way when providing relevant services and fulfilling their obligation to inform; Fourth, enterprises should fully listen to and respect consumers’ reasonable demands and opinions and give timely feedback to improve consumers’ satisfaction and trust.

  4. Encourage the public to participate and strengthen the popularization of network knowledge and safety education norms. On the one hand, it is necessary to widely mobilize social forces to jointly deal with the information leakage of mobile App through social propaganda, social mobilization, social participation and social supervision, strengthen the popularization of network knowledge and safety education norms, and enhance consumers’ awareness of personal information security protection and rights protection; On the other hand, it is necessary to unblock complaint channels and rights protection channels, and let consumers actively participate in the actions to safeguard personal information security through the construction of convenient complaint, report, feedback and handling channels, so as to enhance consumers’ rights protection will and effect.

  5. Cultivate good information credit awareness and usage habits. Consumers should pay attention to "four attentions" when choosing to use mobile App: First, they should pay attention to choosing safe and compliant App products and services, and choose formal and effective channels for download and installation; Second, we should pay attention to carefully reading the Application authority and user agreement or privacy policy description of the app to understand the operational precautions; Third, we should pay attention to cultivate good habits, do not arbitrarily open and agree to unnecessary reading rights, do not arbitrarily input personal privacy information, and regularly maintain and clean up relevant data; Fourth, we should pay attention to seriously deal with the problem of personal privacy information being leaked. When personal information is found to be leaked, we should take the initiative to protect rights in time through effective means and report it to relevant departments when necessary, so as to protect more consumers from it.