2020-07-16

3.15 party exposes the thief plug-in in your mobile phone:your text messages can be passed away, including online transaction verification codes

By yqqlm yqqlm

Source:CCTV Finance

SDK is a plug-in that provides a certain function or service in mobile phone software. In November 2019, it was commissioned by the Shanghai Consumer Rights Protection Commission The third-party company conducted a special test on the SDK plug-in in some mobile phone software, but found that some SDK had hidden mystery.

Technicians have tested more than 50 mobile phone software, these software contains SDK plug-ins of Shanghai Krypton Information Technology Co., Ltd. and Beijing Zhaocai Wangwang Information Technology Co., Ltd., these two plug-ins, There are suspects of secretly stealing user privacy without the user’s knowledge, involving Gome Easy Card, remote control, the strongest flashlight, universal remote control, 91 speed purchase, daily recycling, flash to, radish mall, Zijin Pratt & Whitney, etc. More than 50 mobile phone software.

Inspector:”It will read the IMEI, IMSI, operator information, phone number, SMS records, address book, application installation list and sensor information of this device.”

The SDK in these apps is only the first step to read the user’s private information. After reading, the data will be quietly transmitted to the designated server for storage. Beijing Zhaocai Wangwang Information Technology Co., Ltd.’s SDK is even suspected of stealing users’ more private information through various software such as recipes, parent help, and live wallpapers.

Tester:”The user’s contacts, text messages, location, device information, etc. will be collected without the user’s consent. Especially the text messages and text messages are all sent away, this is very serious.” < /p>

Introduction of testing personnel, because the SDK can collect the user’s text messages and application installation information, once the user has obtained the verification code of the network transaction, it is very likely to cause serious economic losses.

In addition, although the SDK is just a seemingly ordinary plug-in, but because it is universal for all mobile apps, many mobile phone software may be embedded in the same SDK, so once an SDK steals the user personally Privacy will involve many mobile phone software. In addition to the embedded SDK plug-in, the staff also found that some well-known mobile APPs also collect user privacy, involving cool tone ringtones, mobile ringtones, ringtones and other software.