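Intentional or Not? OnePlus Phones Are Collecting Sensitive User Data
According to foreign media reports, OnePlus phones, which are made in Shenzhen, China and run OxygenOS, are silently collecting user data, and the range of data collected is rather broad...
It is actually quite normal for phone vendors to collect user data: they need to identify users, analyze whether a device has problems, push fixes promptly, and so on, all with the aim of improving user experience and product quality. So why are foreign media criticizing OnePlus for collecting data from users' devices?
Even phone numbers are collected?!
According to a blog post published by security researcher Christopher Moore, OnePlus phones continuously collect user data and send it to OnePlus's servers. By intercepting and analyzing this network traffic, Moore was surprised to find the following information: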
{
"ty": 3,
"dl": [
{ "id": "258cfeb1",
"en": "screen_off",
"ts": 1484177517017,
"oed": [],
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, {
"id": "258cfeb1",
"en": "screen_on",
"ts": 1484177826984,
"oed": [],
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, {
"id": "258cfeb1",
"en": "unlock",
"ts": 1484177827961,
"oed": [],
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, {
"id": "258cfeb1",
"en": "abnormal_reboot",
"ts": 1484178427035,
"oed": [],
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, ...
]}
Further analysis turned up even more alarming information: the IMEI and the phone's serial number are fully exposed.
{
"ty": 1,
"dl": [
{
"ac": "",
"av": "6.0.1",
"bl": 82,
"br": "OnePlus",
"bs": "CHARGING",
"co": "GB",
"ga": 11511,
"gc": 234,
"ge": 6759424,
"gn": 30,
"iac": 1,
"id": "258cfeb1",
"im": "123456789012345,987654321098765",
"imei1": "123456789012345",
"it": 0,
"la": "en",
"log": "",
"ma": "aa:bb:cc:dd:ee:ff",
"mdmv": "1.06.160427",
"mn": "ONE A2003",
"nci": "23430,",
"ncn": ",",
"noi": "23430,",
"non": "EE,",
"not": "LTE,",
"npc": "gb,",
"npn": "07123456789,07987654321",
"nwa": "aa:bb:cc:dd:ee:ff",
"nwb": "ff:ee:dd:cc:bb:aa",
"nwh": false,
"nwl": 0,
"nws": "\"CHRISDCMOORE\"",
"ov": "Oxygen ONE A2003_24_161227",
"pcba": "",
"rh": 1920,
"ro": false,
"romv": "3.5.6",
"rw": 1080,
"sov": "A.27",
"ts": 1484487017633,
"tz": "GMT+0000"
}
]}
{
"ty": 2,
"dl": [{
"id": "258cfeb1",
"pi": 12795,
"si": "127951484342058637",
"ts": 1484342058637,
"pn": "com.android.chrome",
"pvn": "55.0.2883.91",
"pvc": 288309101,
"cn": "ChromeTabbedActivity",
"en": "start",
"aed": [],
"sa": true,
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, ... {
"id": "258cfeb1",
"pi": 4143,
"si": "41431484342115589",
"ts": 1484342115589,
"pn": "com.android.systemui",
"pvn": "1.1.0",
"pvc": 0,
"cn": "RecentsActivity",
"en": "stop",
"aed": [],
"sa": true,
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, {
"id": "258cfeb1",
"pi": 26449,
"si": "264491484342115620",
"ts": 1484342115620,
"pn": "com.android.settings",
"pvn": "6.0.1",
"pvc": 23,
"cn": "WifiSettingsActivity",
"en": "start",
"aed": [],
"sa": true,
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, ... {
"id": "258cfeb1",
"pi": 2608,
"si": "26081484346421908",
"ts": 1484346421908,
"pn": "com.android.settings",
"pvn": "6.0.1",
"pvc": 23,
"cn": "Settings",
"en": "start",
"aed": [],
"sa": true,
"it": 0,
"rv": "OnePlus2Oxygen_14.A.27_GLO_027_1612271635"
}, ... ]}
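To summarize, the information OnePlus collects roughly includes the following:
User phone numbers
MAC addresses
IMEI and IMSI codes
Mobile network names
Wireless network ESSID and BSSID
Phone serial number
Timestamps of when the phone is unlocked and locked
Timestamps of when applications are opened and closed
Timestamps of when the screen is turned on and off
Clearly, the information above is already very detailed, more than enough for identifying users and improving product quality. Moreover, OnePlus phones provide no option to disable this behavior.
Moore has reported the issue to OnePlus technical support but has not received a reply so far. In July of last year, a security engineer named Tux also discovered and disclosed the same issue, but was ignored by OnePlus.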
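For readers who want to check what a device of their own sends, the following Python script is an added example (not code from Moore's post or from OnePlus) that walks an intercepted telemetry body like the "ty": 1 payload quoted above and flags values shaped like an IMEI, a MAC address or a phone number. The regular expressions and function names are assumptions of this example, and the sample body is constructed from the placeholder values shown in the article.

```python
import json
import re

# Constructed sample modelled on the "ty": 1 payload quoted in the article
# (same placeholder values, trimmed to a few fields).
SAMPLE = r'''
{"ty": 1, "dl": [{
  "av": "6.0.1", "br": "OnePlus", "id": "258cfeb1",
  "im": "123456789012345,987654321098765",
  "ma": "aa:bb:cc:dd:ee:ff", "mn": "ONE A2003",
  "npn": "07123456789,07987654321",
  "nwb": "ff:ee:dd:cc:bb:aa", "nws": "\"CHRISDCMOORE\"",
  "ts": 1484487017633}]}
'''

# Value-shape heuristics (assumptions of this example, not a vendor schema).
PATTERNS = [
    ("imei", re.compile(r"\d{15}")),
    ("mac", re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)),
    ("phone", re.compile(r"\+?\d{10,13}")),
]

def classify(value):
    """Return the identifier kind a single string looks like, or None."""
    return next((k for k, rx in PATTERNS if rx.fullmatch(value)), None)

def find_identifiers(node, path=""):
    """Walk decoded JSON and yield (path, kind, value) for identifier-like strings."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_identifiers(child, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_identifiers(child, f"{path}[{i}]")
    elif isinstance(node, str):
        # The payload packs dual-SIM values into one comma-separated string.
        for part in filter(None, (p.strip() for p in node.split(","))):
            kind = classify(part)
            if kind:
                yield (path, kind, part)

def audit(raw):
    """Parse one captured request body and return its sorted findings."""
    return sorted(find_identifiers(json.loads(raw)))

if __name__ == "__main__":
    for path, kind, value in audit(SAMPLE):
        print(f"{path:12} {kind:6} {value}")
```

Numeric fields such as "ts" are skipped because only string values are inspected, so millisecond timestamps are not mistaken for phone numbers.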
Solution

