Let’s see what your apps have been doing secretly behind your back

The latest version of Xiaomi’s mobile operating system, MIUI 12, includes a feature called “flare”. As the name implies, it throws a strong light on things that used to happen in the dark, so that users can see them at a glance.

In “flare”, users can see exactly when an application starts itself, when it is activated by other applications, and when it reads device data. App behavior that used to be invisible is now laid out in plain view.

Screenshot of part of the MIUI 12 “flare” feature: app self-start records on the left, app wake-up records on the right.

Individual applications “repeatedly jump” in the background, frequently launching various “family bucket” applications and reading users’ private information. These findings have prompted a lot of discussion on social networks among people in digital and product circles. Why do these apps keep starting up and pulling data in the background? What do developers gain from self-starting and reading data? How should ordinary users protect themselves?

Inflating user numbers and collecting data: what is the purpose of app self-launch?

App self-launch is actually nothing new. The Android platform gives developers this ability, but it is often abused for commercial ends.

To understand app self-starting, we must first understand what Android is at its core: an open, open-source platform that seeks to run on as many devices as possible. Android wants to cover not only the mobile phone market but also many purpose-built devices, such as advertising machines and self-service ticket machines.

Covering more application scenarios requires enough interface support. Devices such as advertising machines need to enter the application automatically on startup and to work plug-and-play. Android has therefore supported application self-starting from the beginning of its design, and an app that needs it can implement it simply by calling an API.

Android’s original intention was good, but some developers have spoiled it. Since apps can be started automatically, some of them use the API to start themselves secretly, on the one hand to inflate DAU (daily active users) and on the other to collect data in the background.

Generally speaking, apps from large companies are subject to more supervision and are relatively well behaved; their purpose in self-starting is to serve users better. By comparison, apps from some small companies behave more wildly.

For example, they may secretly start microphone monitoring or recording, or access the album to obtain private photos. This user data is packaged and sold, and may even be sold to the black industry. Users then face not only the risk of privacy leakage but also a greater likelihood of threats to their personal and property security.

Waking each other up: the culprit behind stuttering and overheating

Android’s openness has given rise to many “tricks”, the most typical of which is the dual-process app. Put simply, when the user starts the app, two processes of the app are started at the same time. When the user closes the app, one process is killed and the other keeps running in the background.

The purpose of this technique is the same as that of self-starting: inflating DAU and taking user data. Both cause the same problem for users: privacy leakage. In addition, because the “unkillable” process keeps running in the background, the user’s phone soon becomes hot and starts to stutter. It has to be shut down and restarted, and the user experience plummets.

In addition to keeping themselves alive and inflating numbers, apps can wake each other up and exchange data. For example, data from a social app is useful to an online shopping app. By drawing on the user’s relationship chain, it is possible to build accurate user profiles and identify purchase needs.

However, this kind of data exchange took place on the user’s phone, through API interfaces, before the giants had formed their ecosystems. With ecosystems in place, and especially since companies began to build a middle office, the exchange of user data has gradually shifted to the server level.

What should I do after the “flare” lights things up?

With so many tricks in play, do these apps seem invincible? In fact, the most basic and effective defence is the user’s control over app permissions. If an app has not been granted access, it gains nothing no matter how many times it starts each day.
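The behaviors described above (self-starting, a second keep-alive process, components other apps can wake, and access to the microphone or album) are all declared in an app's manifest, so they can be reviewed before permissions are granted. The following is an added example, not code from the article or from MIUI; it assumes the manifest has already been decoded from the APK's binary XML into text, and the sample manifest, package and component names are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
SENSITIVE = {"android.permission.RECORD_AUDIO": "microphone",
             "android.permission.READ_EXTERNAL_STORAGE": "photos/files"}

# Constructed manifest for a hypothetical app, already decoded to text XML.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".KeepAliveService" android:process=":daemon"/>
    <service android:name=".WakeService" android:exported="true"/>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Report self-start, keep-alive and wake-up surfaces declared in a manifest."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    report = {"boot_receivers": [], "separate_process": [], "exported": [],
              "sensitive": sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)}
    for tag in ("receiver", "service", "provider"):
        for comp in root.iter(tag):
            name = comp.get(A + "name")
            actions = {a.get(A + "name") for a in comp.iter("action")}
            # Self-start: a receiver registered for the boot broadcast.
            if tag == "receiver" and "android.intent.action.BOOT_COMPLETED" in actions:
                report["boot_receivers"].append(name)
            # Runs in its own process, separate from the app's main one.
            if comp.get(A + "process"):
                report["separate_process"].append(name)
            # Explicitly exported: other apps may start or bind to it.
            if comp.get(A + "exported") == "true":
                report["exported"].append(name)
    # The boot receiver only fires if the matching permission is declared.
    report["self_start"] = bool(report["boot_receivers"]) and \
        "android.permission.RECEIVE_BOOT_COMPLETED" in perms
    return report

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

The check only counts components explicitly marked `android:exported="true"`; apps targeting Android versions before 12 also export any component that has an intent filter by default, so treat the `exported` list as a lower bound.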

But not everyone has the awareness or the ability to manage permissions on their phone, the elderly in particular. Regulators and platforms therefore need to share the responsibility.

MIUI is an important fulcrum for Xiaomi’s commercialization, so from a commercial perspective Xiaomi is motivated to do this. The “flare” feature does serve as a compliance reminder to apps on the MIUI platform. Who started whom, who was started by whom, and whose launch request was rejected by the system … information that users should always have known is now clearly displayed.

After the launch of “flare”, Xiaomi received a lot of praise, but some people called it a gimmick because it does not fundamentally solve the problem. Even Xiaomi may not have the courage to make offending apps fully rectify their behavior before putting them on the shelves. In addition, most people may not even understand what the flare lights up. So when it comes to protecting user data and improving business ethics, relying on the self-restraint of enterprises is only the starting point. The job can only be finished by more users waking up to the issue.
