Operating system and application store dispute: where is the boundary between user security and barbaric growth?

近年来,互联网企业为争夺入口和流量频现不正当竞争纠纷,争议领域逐渐向移动互联网延伸。2016年12月,安智市场以华为手机安全提示构成不正当竞争为由在海淀法院提起了诉讼,要求华为赔礼道歉并赔偿50万元。
In recent years, Internet companies to compete for entrance and flow are frequent disputes over unfair competition disputes gradually extended to the mobile internet. In December 2016, the Android Market to HUAWEI mobile phone security tips constitute unfair competition on the grounds of the Haidian court proceedings, asked HUAWEI for an apology and compensation for 500 thousand yuan.

韩国检出新型禽流感病毒 已扑杀三千多万只家禽

根据安智起诉状,用户在通过浏览器下载安智市场APP及部分游戏APP时,华为手机操作系统会弹出“该应用未经华为应用市场检测,请谨慎安装”提示,用户选择“我已充分了解风险,继续安装”后,会弹出安全提示“该应用未经华为市场安全检测,请谨慎安装。继续安装或使用可能造成设备损坏或数据丢失。”

大数据时代,泛员网如何打造人事信息数据安全屋?


According to the Android complaint, users download the Android Market APP and APP part of the game through the browser, HUAWEI mobile phone operating system will pop up the application without HUAWEI’s application market testing, please be careful when installing the prompt, users select I have fully understood the risk, to continue the installation, will pop up the application of safety tips without HUAWEI market safety testing, careful installation. Continue installation or use may cause damage to the device or data loss.
网络安全公益短片之高级持续性威胁APT防范基础
测试发现,用户在提示界面点击继续按钮后可以正常安装应用,用户不主动点击官方推荐按钮的情况下,华为手机操作系统也不会主动推荐相关程序。华为的安全提示行为恐难称之为不正当竞争,安智起诉的醉翁之意并不在酒。
The test found that the user can click on the button to continue after the user interface to install the application, the user does not take the initiative to click on the official recommendation button, HUAWEI mobile operating system will not actively recommend the relevant procedures. HUAWEI safety tips act called converting unfair competition, BASF prosecution not deliberate on the wine.
手机厂商接连受到第三方应用商店狙击
Mobile phone manufacturers have been subject to third party app store sniper
近年来,手机厂商应用商店市场份额增长迅速。荷兰数据研究机构NEWZOO数据显示,截至2016年10月,腾讯、360和百度三家依然然占据安卓应用商店近60%的市场份额,但小米、华为、OPPO、VIVO等手机厂商正在迎头赶上。同2015年9月相比,第三方应用商店市场份额已从82%下降至70.23%,手机厂商应用商店市场份额从30%上升至42.24%。
In recent years, the rapid growth of mobile phone manufacturers market share. The NEWZOO data of Holland institutional research data shows that as of October 2016, Tencent, Baidu 360 and three still occupy the Android application store nearly 60% market share, but millet, HUAWEI, OPPO, VIVO and other mobile phone manufacturers are catching up. Compared with September 2015, the third party application store market share has dropped from 82% to 70.23%, mobile phone application store market share rose from 30% to 42.24%.
从市场占有率和活跃用户增长速度来看,华为应用市场和小米应用商店均稳居手机厂商应用商店前两位,因此也成为第三方应用商店重点狙击的对象。除了前面提到的安智诉华为案,2016年3月,360同样以安装软件时弹出安全提示构成不正当竞争,对小米提起了不正当竞争诉讼。
From the market share and growth rate of active users, HUAWEI application market and millet app store app store mobile phone manufacturers are ranked the top two, it has become the object of the third party application store key sniper. In addition to the previously mentioned case of HUAWEI, March 2016, the same 360 to install the software when the pop-up security tips constitute unfair competition, filed a lawsuit against unfair competition millet.
安全性是安卓应用商店无法回避的软肋
Safety is the Android app store unavoidable weakness
第三方应用商店之所以对 “安全提示”如此敏感,部分是因为安全性一直是安卓平台无法回避的软肋。
The third party application store is so sensitive to the safety tips, in part because safety is always unavoidable weakness of Android platform.
首先,99.6%的移动互联网恶意程序通过安卓应用商店传播。2015 年,国家互联网应急中心通过自主捕获和厂商交换获得移动互联网恶意程序数量近 148 万个,较2014 年增长 55.3%。恶意程序主要出现于应用下载渠道分散且不易管理的安卓平台,占比达 99.6%以上。据国家互联网应急中心统计,129家安卓应用商店发布的4372551个APP中,包含有8917个恶意应用,平均检出率为千分之二,典型的恶意行为包括资费消耗、流氓行为、恶意传播、诱骗欺诈、恶意扣费、隐私窃取等。
First, 99.6% of mobile Internet malware spread through the Android app store. 2015, the national Internet emergency center through independent capture and vendor exchange to obtain the number of mobile Internet malicious programs nearly 1 million 480 thousand, an increase of 55.3% compared to 2014. The malicious program mainly appears in the application download channels scattered and difficult to manage the Android platform, accounting for more than 99.6%. According to the national Internet Emergency Center statistics, 4372551 APP 129 Android app store release, contains 8917 malicious applications, the average detection rate was 2\/1000, the malicious behavior typically include tariff consumption, malicious hooliganism, communication, phishing fraud, malicious chargeback, privacy theft etc..
其次,安卓应用商店成为手机病毒传播的最主要渠道。2015 年,国内Android 病毒包数量也出现迅猛增长,全年新增病毒包 1670.4万。从手机病毒的传播渠道来看,由于国内应用市场下载渠道分散,且各渠道审核标准高低不同,造成应用市场仍是手机病毒传播的最主要渠道,占比达到 20%。
Secondly, Android application store has become the main channel for the spread of mobile phone virus. 2015, the number of domestic Android virus package also appears to grow rapidly, the new virus package 16 million 704 thousand. From the mobile phone virus transmission channels, because the domestic application market download channel dispersion, and each channel audit standard level of the main channel caused by the application of the market is still the spread of mobile phone virus, accounted for 20%.
再次,第三方应用市场普遍存在应用重新打包和修改权限的问题。西安交通大学课题组对从安智市场等五家第三方应用市场上随机抽取的150个应用中进行了监测,同官方网站版本相比,33.17%的应用进行了重新打包,其中19.58%的应用修改了权限。在修改过权限的应用中,45.95%存在越权行为,27.03%%存在滥用权限行为。
Again, the third party application market is widespread application of re packaging and modify permissions. The research group of Xi’an Jiao Tong University were monitored from the 150 application of the Android Market and other five third party applications on the market were randomly selected, compared with the official website version, 33.17% applications are packaged in 19.58%, the application to modify the permissions. In the application of the modified permissions, there are 45.95% ultra vires, abuse of authority behavior 27.03%%.
大批组织尝试使用“网络安全挑战赛”来吸引和刺激员工对信息安全的关注。
最后,第三方应用商店审核不严助长了恶意软件的传播。据TechWeb媒体测试,包含偷跑流量、窃取用户通讯录等功能的恶意软件均能够顺利通过安智市场等第三方应用商店的审核上架发布。
Finally, the third party application store audit lax promote the spread of malicious software. According to TechWeb media test, including sneak flow, steal the user mail list and other functions of the malicious software can release shelves smoothly through the Android Market Application store and three party audit.

即时通讯+房产百科:掌上链家6.2新版评测

手机厂商围绕用户安全构建生态系统
Mobile phone manufacturers around the user to build ecological security system
国内尚不存在政府或权威第三方主导的安卓应用检测认证机制,在数字签名等制度普及之前,为了保护用户安全、确保用户体验,部分手机厂商选择了自主设定并执行更为严格的安全审核标准,从应用入口开始建立基于操作系统的安全生态,华为是其中最典型的代表。
There is no domestic Android application testing and certification mechanism of government authority or third party dominant, before the popularity of digital signature system, in order to protect the safety of users, ensure that the user experience, some mobile phone manufacturers chose to set and implement more stringent security audit standards, began to establish the ecological security operating system based on the application from the entrance, HUAWEI is the most typical representative.
根据华为发布的报告,华为应用市场采用了“技术保障+人员保证+端云协同能力保障+资金保障”四重安全体系,从开发者认证-应用提交-审核-上架等各个环节逐层把关,杜绝恶意应用。2016年上半年,华为应用市场审核了超过200000款应用,其中90000多款未通过安全审核,应用审核通过率仅为55%,审核标准之严可见一斑。
According to the report released by HUAWEI, HUAWEI’s application market using the technical support personnel to ensure the cloud synergy security funds security four security system, from the developer certification application submission – check – shelves each link layer checks to prevent malicious applications. In the first half of 2016, HUAWEI application market audit of more than 200000 applications, of which 90000 did not pass a variety of security audit, application audit pass rate was only 55%, the strict review of the audit standards.
鱼龙混杂的第三方应用商店增加了用户和手机操作系统的风险,华为的回应是,在用户安装未经检测证明安全可信的第三方应用商店时,给予必要的安全提示,这一做法却遭到了第三方应用商店的抵制。
The dragons and fishes jumbled together third party application store increases the risk of users and mobile phone operating system, HUAWEI’s response is in the user installed without testing proved safe and reliable third party application store, to give the necessary safety tips, this approach has been the third party application store boycott.
用户安全和野蛮生长之间的边界
The boundary between user security and barbaric growth
手机厂商和第三方应用商店的分歧并非简单的入口之争,而是代表了两种不同的理念:一方面是手机厂商建立行业标准和统一用户体验的努力,另一方面是第三方应用商店要求不受限制野蛮生长的权利。真正的问题在于,我们如何在二者之间划定适当边界?
The entrance of the dispute is not different mobile phone manufacturers and the third party application store is simple, but represent two different ideas: one is the mobile phone manufacturers to establish industry standards and unified user experience efforts, on the other hand is the third party application store requires unrestricted barbaric growth of rights. The real question is, how do we define the appropriate boundaries between the two?
问题并不那么容易回答,因为第三方应用商店和手机厂商的竞争并非发生在同一个层面。对第三方应用商店提供者而言,掌握流量就掌握了一切,而提供智能终端和操作系统的手机厂商,则需要对整个品牌和生态负责。
The problem is not so easy to answer, because the third party app store and mobile phone manufacturers do not compete at the same level. On the third party application store providers, master the flow of everything, while providing intelligent terminal and operating system of mobile phone manufacturers, you need to be responsible for the entire brand and ecology.
现有安全生态下,每一个潜在的恶意程序都可能成为用户投诉的对象。在庞大的用户基数上,每一个现实的投诉都会给手机产商造成经济和口碑上双重损失。设备稳定、数据安全、软件兼容、使用体验甚至产品责任等任何一个环节出现问题,都会直接影响产品销量和品牌形象,甚至危及手机厂商的存亡,三星公司的字库门和爆炸门都是沙滩上惨痛的教训。
Under the existing security ecology, each potentially malicious program may become the object of user complaints. In the huge user base, each of the real complaints will be caused by mobile phone manufacturers on the economy and reputation on the double loss. Equipment stability, data security, software compatibility problems, using the experience of product liability or even any of the links, will directly affect the product sales and brand image, and even endanger the survival of mobile phone manufacturers, Samsung Corp font gate and the explosive doors are on the beach a painful lesson.
如果我们认为手机厂商不能对用户安全放任自流,那么就不能要求手机厂商在用户安装可能增加安全风险的应用时只能袖手旁观。手机厂商作为智能终端的生产者、操作系统的开发者,在承担更大风险的同时,应当享有管理风险的权利,只要行使这种权利没有侵犯他人的合法权益、限制用户的自由选择权或影响正常的市场竞争秩序。
If we think that mobile phone manufacturers can not let things drift to user security cannot ask, then the mobile phone manufacturers in the users to install the application may increase security risks can only stand by. Mobile phone manufacturers as intelligent terminal manufacturer, operating system developers, at greater risk at the same time, the risk management should enjoy the rights, as long as the exercise of this right does not infringe the legitimate rights and interests of others, limiting the user’s freedom of choice or affect the normal order of market competition.
安智诉华为,只是个案,又不是简单的个案,案件的走向关乎移动互联网领域的行业规则,北京法院曾经创造过一系列极富见地的裁判规则,这一次,让我们拭目以待。
AZ v. HUAWEI, is the case, it is not a simple case, the direction of the case related to the field of mobile Internet industry rules, the Beijing court had created a series of insightful judgment rules, this time, let us wait and see.
微信扫一扫关注该公众号
Sweep the concern of the public, WeChat

基于P2P技术的僵尸网络在设计上还有不少弱点,容易被别人抢去控制权,然后通过黑吃黑的方式,四两拨千金。

猜您喜欢

信息安全意识计划的关键成功因素
公司员工信息安全意识教育动画视频
EHS在线课程,让全体员工和其他相关方轻松理解并遵照执行EHS方针
铁骑返乡农民工的困:能省一百是一百 给孩子买衣服
MINTJOOMLA AVERMACK
一体化“安全前线”产品“信息安全意识包厢”