Sihai network

100 apps over-collect personal information! 85% of the respondents were not spared

This morning, the China Consumer Association released its report on the evaluation of personal information collection and privacy policies of 100 apps. Among the top ten apps evaluated, 100 apps over-collect personal information! 85% of the respondents were not spared.

The China Consumer Association carried out its evaluation of app personal information collection and privacy policies from August to October 2018. All apps were downloaded from the App Store and Android Market during September 1-3, and the downloads were recorded as evidence. For this evaluation, consumer rights volunteers were invited to try 100 apps in 10 categories: communication and social networking, video and audio broadcasting, online shopping, transaction payment, travel navigation, financial management, tourism and accommodation, news reading, email cloud disk and photo beautification.

In terms of personal information collection: 10 types of apps are generally suspected of over-collecting personal information, 59 types of apps are suspected of over-collecting 'location information', and 28 types of apps are suspected of over-collecting 'address book information' (see the table for details).

In terms of privacy policy: the privacy terms of 47 apps are not up to standard, of which 34 apps have no privacy terms. The China Consumer Association said that, in view of the typical problems found in this evaluation, it will interview and persuade the relevant app development managers and urge the enterprises to rectify and improve. At the same time, in view of the problems found in the evaluation, the China Consumer Association put forward suggestions including strengthening privacy protection legislation.

Interpretation of the report:

Multiple popular apps 'fail'

According to the evaluation report, there is no significant difference between the App Store download channel and the Android Market download channel in terms of the types of information collected and privacy policy, but the evaluation results differ considerably between app categories and between different brands of app in the same category. According to the evaluation results, the scores of news reading, online shopping and transaction payment apps are relatively high, while the scores of financial management apps are the lowest, only 28.91.

However, looking at specific apps, multiple apps received only the lowest rating of one star, which means that they have not reached the passing level. In the communication category, "together", "smart idea", "friendly chat", "face-to-face chat" and "lily marriage" were rated one star; in the video and audio broadcasting category, orange VR, mobile TV, 1905 movie network and magic video were rated one star; in the online shopping category, love to rush to buy, search, happy to buy, famous and innovative products, and happy to buy were rated one star; in the transaction payment category, wing payment, Rui wallet, Alipay and Yinjia wallet were rated one star; in the travel navigation category, flying taxi passengers, Cao Cao special car, carpooling together and e-generation driving were rated one star; in the financial management category, win in hand, micro loan network, Industrial and Commercial Bank of China, home credit quick loan, suishouji, tonghuashun, immediate to account loan and Wukong financial management were rated one star; in the tourism and accommodation category, ticket steward, Baicheng travel, Tianxun travel, 6-person travel and home travel were rated one star; in the news reading category, hand reading, focus and hand reading were rated one star; in the e-mail cloud disk category, 139 e-mail, Jinge e-mail, qinge-mail, 2980 e-mail and Yilian security e-mail were rated one star; in the photo beautification category, poco camera, grapefruit camera, faceu Jimeng and Meimei camera were rated one star.

In all types of apps, the scores of apps from small and medium-sized enterprises are significantly lower than those of common apps, which indicates that the privacy policies of small and medium-sized enterprises are missing or obviously inadequate in design.

Excessive collection of personal information is serious

Many of the tested apps do not, in their privacy policies and other documents, explicitly link the personal information they collect with the product functions they provide. Much of the personal information has no obvious relationship with the product functions as consumers usually understand them, and even goes beyond the reasonable range.

For example, the Meitu Xiu Xiu app says in its terms that the personal information it needs includes user name, gender, telephone number, email address, date of birth, geographic location, ID card number, identifiable biological information and financial information (such as credit card number or bank account, WeChat payment or Alipay account information).

As for the definition of excessive collection of users' personal information, the China Consumer Association explained in the report that travel navigation, travel and accommodation, and online shopping apps have a reasonable need for users' location information in order to provide location-based products and services. For most social networking, video broadcasting, photography and beautification, news reading and financial management apps, however, users' location information is not necessary for providing these services, so collecting it is suspected of being excessive collection or use.

Financial management apps at the bottom

According to the evaluation report, only half (53) of the apps in this evaluation have a total score above the passing level, while 13 apps have a score below the passing level, and more than one third (34) have a score of 0, which means that they have not published privacy terms on personal information to users.

The evaluation results show that the typical problems in current privacy terms are as follows: the privacy terms are generally unclear, with no clear description of the purpose, method, scope, retention period and storage location of the personal information collected and used; the privacy terms are not actively displayed to users, or the content displayed is obscure and lengthy; users are not given enough options when their authorization and consent are requested; there is no way for users to access, correct and delete personal information; and a large amount of personal information that is not directly related to the services provided is collected, so the standard's provisions on minimizing the collection of personal information are not followed.

For example, in the evaluation, the Alipay app did not mark sensitive personal information among the categories of information collected, and did not distinguish between core and additional functions, which led users to think that all the information collected was necessary. When the China Construction Bank app collects sensitive personal information, although it gives a general notice of the type and use of the sensitive information, it does not say which functions will be affected if the user refuses to provide it.

It is worth noting that on many indicators related to the collection of personal information, financial management apps score relatively low.