"Map Navigation" App Personal Information Collection Test Report Released

2024年9月29日 | admin | xwxq

CCTV News:According to the official account of "Netcom China", recently, the China Cyberspace Security Association and the National Computer Network Emergency Response Technology Coordination Center conducted tests on the collection of personal information by some apps that are widely used by the "map navigation" public. The test situation and results are as follows:

  Test object

  This test selected 19 app stores 1 "map navigation" apps with a cumulative download volume of 50 million times, a total of 3. The basic situation is as shown in Table 1.

  Table 1 Basic information of the 3 apps

  Test method

  The testing environment

  This test selects the same brand and model of mobile phone end point, installs the same version of Android operating system, deploys 3 apps respectively, and synchronizes operations in the same network environment.

  (2) Test scenarios

  To complete a map navigation activity as a test unit, including launching the app, searching for locations, and clicking navigation, three user usage scenarios, as well as background silent application scenario 2.

  (III) Test content

  This test includes three items: system permission call, personal information upload, and network upload traffic.

  III. Test results

  (1) System permission invocation

  The test found that the three apps invoked five system permissions such as location, device information, microphone, clipboard, and application list in four scenarios, and no other permissions such as calling camera and address book were found.

  (1) In the startup app scenario, the most types of system permissions are Autonavi Map and Baidu Map (both category 3), and the most number of system permissions are Baidu Map (127 times). The specific situation is shown in Table 2.

  Table 2 Start App Scenario Call System Permissions

  (2) In the search location scenario, when searching by text input, the most types of calling system permissions are Autonavi Map and Baidu Map (both category 2), and the most times of calling system permissions are Tencent Map (123 times); when searching by voice interaction pattern, the most types of calling system permissions are Baidu Map (category 4), and the most times of calling system permissions are Tencent Map (217 times). The specific situation is as shown in Table 3.

  Table 3 Search location scenario invocation system permissions

  (3) In the click-to-navigate scenario, the most types of system permissions are Autonavi Maps and Baidu Maps (both category 2), and the most number of system permissions are Tencent Maps (62 times). The specific situation is shown in Table 4.

  Table 4 Click on the navigation scene to invoke system permissions

  (4) In the background silent scenario, the types of system permissions invoked by the three apps are all 2, and the most frequent calls to system permissions are Tencent Maps (282 times). The specific situation is shown in Table 5.

  Table 5 Background silent scenario invocation system permissions

  (2) Upload of personal information

  The test found that the three apps uploaded five types of personal information: ① location information, including latitude and longitude, street address, currently connected Wi-Fi MAC address, currently connected base station information, surrounding available base station information, and surrounding available Wi-Fi MAC address; ② unique device identification code, including Android ID (Android ID), mobile phone MAC address; ③ clipboard content information, mainly location sharing links; ④ application list information, including installed, newly installed and newly uninstalled application information on the mobile phone; ⑤ location information, mainly location name, including text or voice form.

  (1) In the startup app scenario, the most types of personal information uploads are Autonavi Maps and Baidu Maps (both categories 3). The specific situation is shown in Table 6.

  Table 6 Upload of personal information in the startup app scenario

  (2) In the search location scenario, when searching by text input method, the most types of personal information upload are Autonavi map and Tencent map (both 3 categories); when searching by voice interaction pattern, the most types of personal information upload are Baidu map (4 categories). The specific situation is as shown in Table 7.

  Table 7 Search location scenario personal information upload

  (3) In the click-to-navigate scenario, the most types of personal information uploads are Autonavi Maps and Baidu Maps (both categories). The specific situation is shown in Table 8.

  Table 8 Click on the navigation scene personal information upload situation

  (4) In the background silent scene, the most types of personal information uploads are Autonavi maps (category 3). The specific situation is as shown in Table 9.

  Table 9 Background silent scene personal information upload

  (3) Network upload traffic

  (1) The test found that when the user completes a map navigation activity through text input (starting the app, searching for the location through text input, and clicking on the navigation), the average upload data traffic of the three apps is Tencent Maps, which is about 2584KB; the average least is Baidu Maps, which is about 889KB. The specific situation is shown in Figure 1.

  Figure 1 Average upload data flow of a map navigation activity completed by text input (unit: KB)

  (2) The test found that when the user completes a map navigation activity through voice interaction pattern (start the app, search for the location through voice interaction, click navigation), the average upload data traffic of the three apps is Tencent map, which is about 2242KB; the average is Baidu map, which is about 756KB. The specific situation is shown in Figure 2.

  Figure 2 Average upload data flow of a map navigation activity completed through voice interaction pattern (unit: KB)

  (3) The test found that the background of the three apps was silent for 12 hours, and the average upload data traffic was Tencent map, which was about 7830KB; the average was Autonavi map, which was about 1363KB. The specific situation is shown in Figure 3.

  Figure 3 Average upload data flow after 12 hours of background silence (unit: KB)

  Note:

   1 Including Huawei App Store, Xiaomi App Store, Tencent App Treasure, OPPO Software Store, VIVO App Store, 360 Mobile Assistant, Baidu Mobile Assistant, Pea Pod Mobile Assistant, Liqu App Store, Le Store, Meizu App Store, Mobile MM Store, Pacific Download, Zhongguancun Online, Muant Android App Store, Duote Software Station, Huajun Software Park, Xixi Software Park, Green Resource Network.

   2 Start App means that the user clicks the icon to the main interface to load; search location means that the user searches for a specific location through text input or voice interaction pattern, clicks and loads the location details; click navigation means that the user clicks the navigation button to the navigation interface to load; background silence means that after the user starts the App, the App is directly switched to the background to maintain silent operation.

   The test was repeated 10 times in total.

     The test was repeated 10 times in total.

     The test was repeated six times in total.

  Source: "National Internet Emergency Response Center CNCERT" WeChat official account