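Introduction: According to foreign media reports, OnePlus phones, made in Shenzhen, China and running OxygenOS, are silently collecting user data, and the range of data collected is rather broad...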
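In fact, it is quite normal for phone manufacturers to collect user data: they need to identify users, analyze whether a device has problems, push fixes promptly, and so on, all with the aim of improving user experience and product quality. So why are foreign media criticizing OnePlus for collecting data from users' devices?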
Phone numbers are collected too?!
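According to a blog post by security researcher Christopher Moore, OnePlus phones continuously collect user data and send it to OnePlus servers. By intercepting and analyzing this network traffic, Moore was surprised to find the following: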
{
  "ty": 3,
  "dl": [
    { "id": "258cfeb1", "en": "screen_off", "ts": 1484177517017, "oed": [], "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    { "id": "258cfeb1", "en": "screen_on", "ts": 1484177826984, "oed": [], "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    { "id": "258cfeb1", "en": "unlock", "ts": 1484177827961, "oed": [], "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    { "id": "258cfeb1", "en": "abnormal_reboot", "ts": 1484178427035, "oed": [], "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    ...
  ]
}
Further analysis turned up something more alarming: the IMEI and the phone's serial number are in plain view.
{
  "ty": 1,
  "dl": [
    {
      "ac": "", "av": "6.0.1", "bl": 82, "br": "OnePlus", "bs": "CHARGING", "co": "GB",
      "ga": 11511, "gc": 234, "ge": 6759424, "gn": 30, "iac": 1, "id": "258cfeb1",
      "im": "123456789012345,987654321098765", "imei1": "123456789012345", "it": 0,
      "la": "en", "log": "", "ma": "aa:bb:cc:dd:ee:ff", "mdmv": "1.06.160427", "mn": "ONE A2003",
      "nci": "23430,", "ncn": ",", "noi": "23430,", "non": "EE,", "not": "LTE,", "npc": "gb,",
      "npn": "07123456789,07987654321", "nwa": "aa:bb:cc:dd:ee:ff", "nwb": "ff:ee:dd:cc:bb:aa",
      "nwh": false, "nwl": 0, "nws": "\"CHRISDCMOORE\"", "ov": "Oxygen ONE A2003_24_161227",
      "pcba": "", "rh": 1920, "ro": false, "romv": "3.5.6", "rw": 1080, "sov": "A.27",
      "ts": 1484487017633, "tz": "GMT+0000"
    }
  ]
}
{
  "ty": 2,
  "dl": [
    { "id": "258cfeb1", "pi": 12795, "si": "127951484342058637", "ts": 1484342058637, "pn": "com.android.chrome", "pvn": "55.0.2883.91", "pvc": 288309101, "cn": "ChromeTabbedActivity", "en": "start", "aed": [], "sa": true, "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    ...
    { "id": "258cfeb1", "pi": 4143, "si": "41431484342115589", "ts": 1484342115589, "pn": "com.android.systemui", "pvn": "1.1.0", "pvc": 0, "cn": "RecentsActivity", "en": "stop", "aed": [], "sa": true, "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    { "id": "258cfeb1", "pi": 26449, "si": "264491484342115620", "ts": 1484342115620, "pn": "com.android.settings", "pvn": "6.0.1", "pvc": 23, "cn": "WifiSettingsActivity", "en": "start", "aed": [], "sa": true, "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    ...
    { "id": "258cfeb1", "pi": 2608, "si": "26081484346421908", "ts": 1484346421908, "pn": "com.android.settings", "pvn": "6.0.1", "pvc": 23, "cn": "Settings", "en": "start", "aed": [], "sa": true, "it": 0, "rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635" },
    ...
  ]
}
To summarize, the information OnePlus collects includes roughly the following:
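- User phone numbers
- MAC addresses
- IMEI and IMSI codes
- Mobile network names
- Wireless network ESSID and BSSID
- Phone serial number
- Timestamps of when the phone is unlocked and locked
- Timestamps of when apps are opened and closed
- Timestamps of when the screen is turned on and off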
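As you can imagine, the information above is already very detailed, more than enough for identifying users and improving product quality. Moreover, OnePlus phones provide no option to disable this behavior.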
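For anyone auditing captured telemetry from their own device, the sketch below (an added example, not code from Moore's post or from OnePlus) scans a device-info record for values shaped like IMEIs, MAC addresses and phone numbers, then uses the shared "id" field to show that the usage events are linkable to that hardware. The function names and regex shapes are assumptions made for this example, and the sample records are trimmed copies of the placeholder data shown above.

```python
import json
import re

# Value shapes used to classify strings (assumed for this example, not an official schema).
PATTERNS = {
    "imei": re.compile(r"\d{15}"),
    "mac": re.compile(r"(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}"),
    "phone": re.compile(r"\+?\d{7,14}"),
}

def classify(value):
    """Return the identifier kind a single string looks like, or None."""
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def find_identifiers(payload):
    """Map device id -> {kind: set of values} over every record in payload['dl']."""
    found = {}
    for record in payload.get("dl", []):
        per_device = found.setdefault(record.get("id"), {})
        for key, value in record.items():
            if key == "id" or not isinstance(value, str):
                continue
            # Dual-SIM fields pack several values into one comma-separated string.
            for part in filter(None, value.split(",")):
                kind = classify(part)
                if kind:
                    per_device.setdefault(kind, set()).add(part)
    return found

def attribute_events(device_payload, event_payload):
    """Join usage events to IMEIs through the 'id' field both record types share."""
    ids = find_identifiers(device_payload)
    return [(e["en"], e["ts"], sorted(ids.get(e["id"], {}).get("imei", [])))
            for e in event_payload.get("dl", [])]

# Trimmed sample records using the placeholder values from the capture above.
DEVICE = json.loads('''{"ty": 1, "dl": [{"id": "258cfeb1", "av": "6.0.1",
  "im": "123456789012345,987654321098765", "imei1": "123456789012345",
  "ma": "aa:bb:cc:dd:ee:ff", "npn": "07123456789,07987654321",
  "nwb": "ff:ee:dd:cc:bb:aa", "ts": 1484487017633}]}''')
EVENTS = json.loads('''{"ty": 3, "dl": [
  {"id": "258cfeb1", "en": "screen_off", "ts": 1484177517017},
  {"id": "258cfeb1", "en": "unlock", "ts": 1484177827961}]}''')

if __name__ == "__main__":
    for event in attribute_events(DEVICE, EVENTS):
        print(event)
```

Free-text identifiers such as the Wi-Fi SSID in "nws" have no fixed shape, so they need a key-based check rather than a pattern.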
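Moore has reported the issue to OnePlus technical support but has not received a reply so far. In July of last year, security engineer Tux also discovered and publicly disclosed the same issue, but OnePlus ignored it.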
Workaround
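Fortunately, Android developer Jakub Czekański has found a way to disable this behavior. Connect the phone to a computer with USB debugging enabled, then open adb shell and enter pm uninstall -k --user 0 net.oneplus.odm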