Is the "theft" of JD Finance a "technical problem"? Privacy security has once again attracted attention.

In the second response, JD Finance acknowledged the problem and proposed a solution. Compared with the first response, the attitude has been quite positive. So, how did this problem come about?

Jingdong financial APP "steals" user privacy pictures.

On the afternoon of February 17, the official micro of "jingdong financial customer service" made a second response to the incident of "jingdong financial APP" stealing "user privacy" and proposed that three measures would be taken immediately:

(Screenshot from "Jingdong Financial Customer Service" official micro)

When Unicorner Finance contacted Jingdong Finance to verify the progress of the implementation of the Measures, the other party did not give a clear answer.

Previously, on February 16, the video of Weibo blogger "A Mu, the hero with the missing thin ribs" (hereinafter referred to as "A Mu") broke the news that the Jingdong Financial App was opened and put in the background, and then the screenshot of the bank App was taken in the bank App interface, and the screenshot of the bank App would appear in the file directory of the Jingdong Financial App in the file manager.

Wei, the official of "Jingdong Financial Customer Service", responded for the first time on the same day, stating that the image cache was originally for the convenience of users to take screenshots and communicate with customer service, and was not uploaded to the system.

(Screenshot from "Jingdong Financial Customer Service" official micro)

This response failed to win the support of many netizens, including the whistleblower blogger A Mu. In the second response, JD Finance acknowledged the problem and proposed a solution. Compared with the first response, the attitude has been quite positive. So, how did this problem come about?

Wrong requirement development?

When the official micro of "Jingdong Financial Customer Service" made the first response, the blogger "Hero A Mu" didn't buy it, thinking that the feedback function pre-cache called by Jingdong Financial Customer Service was unconvincing.

A Mu put forward the function of "screenshot feedback" from a technical point of view, which only needs to cache the original path of this picture, and does not need to copy an original picture. In addition, "Hero A Mu" further confirmed that JD Finance App would "steal" photos of beauty cameras, which obviously has nothing to do with the "screenshot feedback" function, and things are probably not what JD Finance said.

The second response of "Jingdong Financial Customer Service" official micro confirmed the realization of "screenshot feedback" function, without using local mobile phone cache. Jingdong Financial App has technical problems in the development of customer service feedback function, which belongs to demand error development.

Mr. K (a pseudonym), a computer technology expert, told Jiaodu Finance that "general development needs peer review, and it is only released after peer review. It is hard to believe that this was an accident. "

"I didn't upload photos and screenshots privately." In both responses, JD Finance emphasized this point.

Lawyer Zhu Jing, a senior partner of Shanghai Jiuze Law Firm, said that if Jingdong Finance obtains the pictures in the mobile phone memory without the user's consent, it is beyond the reasonable scope. If so, it is suspected of violating the protection provisions of the Consumer Protection Law on consumers' right to know and choose.

Lawyer Li Ya, a partner of Beijing Wen Zhong Law Firm, added that it is illegal to obtain citizens' personal information without consent or beyond the scope, and it also violates the relevant provisions of the Electronic Commerce Law and the Cyber Security Law.

"If the user's personal information or privacy is leaked due to his behavior, he shall be liable for mental loss or material loss. For example, the act of' stealing' pictures did happen, and we know the act of stealing pictures subjectively. If it reaches a certain amount, it is suspected of a criminal offence. " Zhu Jing said so.

What is the solution to privacy security?

A netizen left a message under Weibo of "Hero A Mu": "It would be terrible if you really stole the soap slices (photos)".

During the fermentation of Jingdong Financial App event, the problem was the Android mobile phone, which even triggered the discussion of "whether to give up using domestic mobile phones". In fact, there is no possibility of "privacy leakage" even if it is an Apple mobile phone with non-Android system.

Just last month, it was reported that Apple users had security holes, and iCloud allowed strangers to read other people's notes stored on Apple phones. In addition, there is a big BUG in the FaceTime group dialogue function on the iOS 12. 1 system. When a user makes a call with the FaceTime function, he can hear the voice of the other party before the other party refuses to connect, and the user may be in a state of being monitored at any time. After the first problem appeared, it was quietly fixed by Apple, and the last problem, which Apple said at that time, was updated and solved within one week.

On March 26th last year, the China High-level Development Forum was held in Beijing. Li Yanhong, chairman and CEO of Baidu, said in his speech, "China people are more open and less sensitive to privacy issues. In many cases, they are willing to exchange privacy for convenience. Then we can do something with the data. " This remark caused a condemnation on the Internet. CCTV issued a document saying that even if domestic users are accustomed to giving up privacy for the sake of efficiency, they are not "willing" but "forced"!

Some insiders pointed out that there are many apps on mobile phones, and some mobile apps "steal" user information, which has become one of the main channels for personal information disclosure. Just like the financial App loan treasure that once appeared, a large number of nude photos of girls are even publicly sold online. The disclosure of personal privacy by mobile App can be seen from this.

Jingdong Finance was pushed to the forefront because it was questioned to "steal" user privacy. Although there is no real hammer to show that the pictures cached by Jingdong Financial App have been "stolen" and uploaded, it has also caused many people to worry that their privacy has been stolen by mobile App applications.

How to avoid the disclosure of privacy? Yang Hui, technical director of Tianchuang Credit, believes, "First of all, users should not agree easily when installing an APP or requesting the permission of an app. Carefully choose the scenes to use together. Relatively speaking, Apple's mobile phone access control is better than Android. "

What if it is leaked? "After the privacy was leaked, the data was kept. If the leak is confirmed, you can take a screenshot for evidence at this time, and then contact customer service to delete it. " Yang Hui said so.

One of the keys is how to "confirm the leak"? Yang Hui said, "For non-technical personnel, it is impossible to confirm in most cases. For professionals, you can confirm whether there is data uploaded by grabbing the package and reversing it. "

Of course, if users suffer losses due to privacy disclosure, lawyers can complain to relevant departments. If the losses are large, you can also safeguard your legitimate rights and interests through litigation procedures.