Recently, once exposure "12306 leak" user typcn in twitter in the documents, said: Alipay Android version exists theft of user privacy, the "Alipay Android version every X minutes (server specified) will open the camera to take pictures in the background, recording X seconds and then uploaded to the server, but also there are contacts, call history, near the base station and WiFi and other information. "
typcn to send a Twitter say it, sparked heated debate. typcn The argument has been confirmed by follow-up and a large number of users. Some netizens provide pictures, exposed the process Alipay photographed. Of course, there are users that Alipay there was no incentive to do so, taking pictures without any real benefit for the recording Alipay is. Some users questioned typcn failed to come up with substantive evidence.
February 23, aspect by Alipay official microblogging comment on that individual's social platform "Alipay for Android privacy door" topic, did not elaborate with "argument", wear a "privacy door" hat, plus a variety of techniques noun packaging, may indeed lead to misunderstanding and fear of ordinary users. Alipay permissions apply only to business needs, and do not collect additional information and background operation, but will not infringe, disclose any information about user privacy.
Just the majority of users believe that this incident died down this time, February 24, Ali Baba, a senior security experts situ determination of a response to "Do BB, grading over 100,000 cash to take it," turn this event to introduce another climax .
Yun Shu, the industry's leading security experts. In 2005 joined the Green League, the 2006 starting Yahoo in 2008, joined Alibaba Group, Alibaba is currently a senior security experts.
The first reaction is ridiculous and pathetic. There is no substantive evidence that he saw a little superficial, then use plain simple logic to speculate, and finally to express language to attract attention. In such a computer professional disciplines inside, there is no doubt this thing is ridiculous. However, there are a large number of users convinced, also said the country may allow Alipay so dry, feel deep sorrow.
"Do BB, grading over 100,000 cash take it," A penny saved is in what kind of situation to write?
At that time already know almost pan fried, not only in the discussion called "Secretly Recorded or Photographed a few" problem, Tomorrow, "dedication blessing", "costs of electricity", "mutual Start" and other things all mixed together said.
Faced with the angry crowd, I do not have a technical explanation, because the public do not understand, so I try to use simple logic to demonstrate. The first is the legal risk, I still believe that no one company dare risked endangering national security to risk jail to do this totally unproductive thing in the world. The second is Ali is not without competitors, 360, Tencent, Baidu Ali which one do not want to seize the handle, there is a similar problem to analyze and they will not sue it? But did not play any effect, I do not think we talk about technology, it is begging the question. So I want to destroy Huanglong, addressing the root causes of the problem, let everyone know who put forward the argument is not professional, work attitude, and the way the arguments themselves are not correct, and that is directly sponsored technical challenges, I am willing to pay more Great price, for each other relatively small price, this asymmetric bet to make everyone understand that argument is wrong.
In fact, not long ago, it was forced to publicly slander Alipay user's purchase history, was also a lot of people follow voting with their feet, followed by booing. Later, I understand that they made a mistake. But a few months later, the same thing once again, the same view is wrong, unprofessional argument, anger and irrational people. This is known as the senior elite know almost happened! So, in a very angry at the situation, he wrote the article. I believe that they have someone in the analysis, and I am looking forward to a professional analysis.
Finally, I am now recognized GCD say, people know the truth of blabla. In many cases, people are like, like sardines, but I can not do anything, can not change anything.
You said in response to the computer is a technical subject, but in this incident, and there is no substantial evidence, but there are friends, said, "Alipay has about 1/4 of the code is dynamically loaded, Alipay libs inside so file , but it was not dynamic library, it is a a complete aPK, or some so remote from his server load, but in fact those so files are all apk, apk has a complete structure, drawable, dex have, these apk dynamically inserted into the main program execution. this highly dynamic process, the possibility of evidence have been caught close to zero, "and how do you respond?
Response is simple, then again, the early Gansha go? If you really want to expose a truth, is it not a good sample should quietly saved with a digital signature, the professional and detailed analysis, professional analysis report and submit it? Or that there is no technical but want to have a big news, so can not wait to scrawl? Secondly, a professional security researcher, you told me something dynamic loading analysis can not? When I do this a few years that technology, even the dynamic loading of horses have not seen it? Analysis of those things is how?
User question: Alipay in a statement or evade the "Start (and regular) application to use the camera, recording privilege" because, under normal circumstances, to apply for permission at the user clicks, the use of related functions App will apply the relevant authority (eg, click scan code will apply when using the camera permission), Alipay is why in the case of pre-application permissions the user does not operate? And apply a high frequency?
This is also very simple, write code SB chant. It estimated to be thinking about the brain Xiudou user, first apply for permission to have a good result garbage mess cook.
For the content of the other technical personnel, although the authenticity has not been verified, there is no wonder why we do not believe that this would be so real to confirm the contents, and almost one-sided?
Three reasons mixed together. Alipay Ali is a well some things are not good enough, not sufficient for the majority of users to consider. For example, many users mentioned another wake-up, start card, living area and the like, accumulated grievances. The second herd, join in the fun, from the booing. The third is to help some companies engage in a practice of PR.
Whether IT era, or the era of big data, and the times or DT, user data security has been the focus, how do you think a reasonable application of the user's data?
Like Apple did, the courage and against the government. Finds such a truth: "the user's data is stored in the user's location is not necessarily there, but ownership is only part of the user."
For now, do you think Ali products to users what you think irregularities, irrational logic?
My own trial process, whether or Alipay nails, start very card. Followed by some very good experience, for example, Alipay payment code, the collection code every time thinking for a long time, there is something else, such as the living area and the like. Overall, the user experience is still a long way to go.
No matter what purpose, what do you think this incident is the fuse?
Fuse not know.
This article was published, the company whether your response statement? What kind of impact this article I have for you?
The company does not have any sound to convey to me because this is my personal behavior. I seem to have boarded the company's internal search hot list, but fortunately this is not the first time that I used to.
Why do I always get out of these things, there is no relationship with the company values, with my personal values related. That is to see the wrong, I am going to criticize. I scolded colleagues in the microblogging, but also within the company vice president scolded. I think the technical people would like this, no matter who it is, how high position, regardless of the company disputes inclusive cooperation, I just the truth.
Seriously, if Alipay photographed a few minutes, I'll resign, never into Ali. If someone says a few micro-channel photographed once, as I will stand up and tell them impossible.
So far, if someone has already challenged the hundreds of thousands of your bounty of it?
not yet. But I know if someone is doing the analysis, but they are not for the money, they are rich. They are the technology itself.
