In 2022, 75% of the tested TV operating systems have known security vulnerabilities From China Academy of information and communication
The following is the In 2022, 75% of the tested TV operating systems have known security vulnerabilities From China Academy of information and communication recommended by recordtrend.com. And this article belongs to the classification: Internet TV, Household appliance industry, Consumer research.
Did you know that smart TV will also force authorization, over claim rights and collect personal information beyond the scope, threatening the safety of home users. Recently, the China Academy of information and communications and the telecommunications terminal Industry Association released the Research Report on Ott terminal data security and personal information protection (2022) (hereinafter referred to as the report). The report shows that the infringement of personal information rights by smart TV SDK is more serious than that of smart phones.
SDK: third party software development kit Ott: Internet companies provide various services to users with Internet as the media and Internet TV as the terminal
Why do these problems occur?
How to ensure the safety of smart TV users
Personal information security is not infringed?
For this
The reporter of China consumer daily conducted an in-depth investigation
one
The report shows:
In terms of data security and personal information security, there are a large number of phenomena of compulsory authorization, excessive claims, and beyond the scope collection of personal information by Internet TV apps and third-party SDKs;
In terms of traffic fraud, the proportion of false cheating traffic in Ott is high, squeezing the advertising market budget and threatening the safety of home users;
In terms of content, content piracy, infringement, second innovation, handling and other soft piracy are prominent, affecting the development of the video payment market;
In terms of screen projection security, screen projection is more convenient, but there is also a risk of revealing users’ privacy.
The report also shows:
75% of the tested TV operating systems have known security vulnerabilities;
60% of the pre installed apps have the problem of illegally collecting user information such as MAC address;
80% of the built-in SDK and pre installed applications of TV systems have the problem of sharing user sensitive data with third parties without the consent of users.
From the perspective of problem distribution:
The system components have the most problems, up to 27%;
The second is the security of preset apps, accounting for 23%;
Security issues from the operating system and personal information protection account for 18% respectively;
Data security issues accounted for 14%.
two
The report shows that among user data security issues, data sharing security issues are more prominent.
Almost all Internet TV apps share data with integrated third-party SDKs, but this behavior is not reflected in the privacy policy. The user’s sensitive information is transmitted without desensitization. For example:
The preset app of the tested Internet TV will display the mobile number of the account information page in clear text, and others will transmit the user’s remote control operation, personal viewing habits and other personal information in clear text.
The display of permission application statement and information collection statement in the privacy policy is also a disaster area. The report shows that 80% of apps on Internet TV have no other rules for publicly collecting and using personal information. There are a lot of problems such as default consent privacy policy, illegal / out of range collection and use of personal information, third-party permission application and lack of information collection statement.
The test found that 80% of apps on Internet TV have the problem that the installed software package is not reinforced. Attackers can insert malicious code at a lower cost, causing user information disclosure and property damage; 57% of the configuration files in the preset app code on Internet TV are set to open, which is easy to cause application vulnerabilities and be exploited by hackers.
According to the report, the apps on Internet TVs tested are all involved in the private collection of personal information, including private sharing with third parties, collection of personal information beyond the scope, denial of permission, excessive request for permission, etc.
three
Ge Mengying, legal director and data compliance officer of talk ⁃ ingdata, told the reporter of China Consumer News: “I think the behavior of this built-in SDK is the illegal operation of app and TV manufacturers.”
“Internet TV itself cannot directly build SDK. As a software development kit, SDK takes app as the carrier. The SDK built in the TV system, specifically, is built in the TV manufacturer’s own app or partner’s app, and this built-in behavior requires the technical cooperation of the TV manufacturer.
Unlike mobile phones, many TV manufacturers’ apps may not have display pages, so they will not be displayed to individual users, which leads to the situation that individual users do not perceive.
From the perspective of compliance, there is a problem that the loaded SDK is not disclosed to individual users by the built-in app. According to the requirements of the personal information protection law and the notice on carrying out the awareness improvement action of information and communication services issued by the Ministry of industry and information technology, app should disclose the list of loaded SDK in its privacy policy, including the basic situation of personal information collected by SDK, including information types, use purposes, use scenarios and other information. “
four
As for the provisions on pre installation, the Ministry of industry and information technology issued the notice on strengthening the management of mobile intelligent terminal network access as early as 2013 and the Interim Provisions on the management of mobile intelligent terminal application software presetting and distribution in 2016, so as to refine the regulation of mobile intelligent terminal manufacturers and Internet information service providers providing mobile intelligent terminal application software distribution services. Since then, the Ministry of industry and information technology, together with the state Internet Information Office, drafted the notice on further standardizing the preset behavior of application software for mobile intelligent terminals (Draft for comments) again this year to further standardize the preset and distribution management of application software.
Ge Mengying said, “since the main purpose of the above provisions is to protect the right to know and the right to choose of individual users, it doesn’t matter whether the carrier is a mobile intelligent terminal or a smart TV. The important thing is to protect the rights and interests of individual users.”
Ge Mengying believes that the provisions of the above regulations on the pre installed notification obligation are consistent with the personal information protection law, which specifically points out that before processing personal information, it is necessary to perform the notification obligation to individuals truthfully, accurately and completely in a clear and understandable language in a significant way. Therefore, smart TV manufacturers should publicize the list of preset applications to individual users, usually on the official website of TV manufacturers. In terms of specific methods, consumers’ right to know and choice should also be guaranteed.
five
Duanzhichao, a senior data compliance lawyer of HanKun law firm, told the reporter of China consumer daily that there is no difference between Internet TV and smart phones in the nature of personal information collection and application.
He believes that although Internet TV may be relatively less relevant to individuals than smartphones, the viewing records, behavior data of Internet TV and its various terminals, as well as the purchase records, installation records, maintenance records and other information related to Internet TV, can also reflect some personal characteristics, such as income, interest preferences and so on.
In addition, the camera, microphone and other functional modules carried by Internet TV to realize video, voice, projection and other functions, as well as the connectivity and interaction between multiple devices, if appropriate security measures are not taken, personal information leakage and other problems will be caused.
At present, the regulatory focus of APP personal information protection is still mainly on mobile app applications and SDK. Duan Zhichao believes that both the personal information protection law and the recently released regulations on the management of mobile Internet application information services have put forward higher requirements for the personal information protection level of the Internet television industry, The regulatory authorities can easily apply the experience or industry consensus summarized in the supervision and law enforcement of mobile app and SDK to the supervision and governance of Internet TV and other mobile intelligent terminals. These existing cases will provide clear direction for all parties in the Internet TV industry.
Read more from China Consumer News: China Academy of information technology: 2022 Research Report on Ott terminal data security and personal information protection (download attached) Zhongyikang era: operation of China’s home appliance market in April 2019. Ovi cloud network: Ott box observation report from October 24 to October 30, 2016. Ovi cloud Network & China Electronic Information Industry Federation: it is expected that the domestic smart TV and box ownership will exceed 400million in 2020. Ovi cloud network: smart TV user behavior analysis report in September 2016. Ovi cloud network: big data Blue Book of large screen ecological operation in 2016 (with download) Ovi cloud: analysis and prediction of China’s Ott box Market in the first half of 2016 Ovi cloud: the average daily startup rate of smart TV in April 2016 was 56%. Ovi cloud: observation report of Ott box from February 22 to February 28, 2016 Ovi cloud: the sales volume of Ott box in the first week of 2016 was 149000. Ovi cloud: China Ott index report in November 2015 Ovi cloud: Research on China’s Ott development in October 2015 Ovi cloud: April September 2015 online smart TV box is large Data Ovi cloud: 2016 blue book on Ott advertising value (with download) Ovi cloud: observation report of Ott box from February 20 to 26, 2017
If you want to get the full report, you can contact us by leaving us the comment. If you think the information here might be helpful to others, please actively share it. If you want others to see your attitude towards this report, please actively comment and discuss it. Please stay tuned to us, we will keep updating as much as possible to record future development trends.
RecordTrend.com is a website that focuses on future technologies, markets and user trends. We are responsible for collecting the latest research data, authority data, industry research and analysis reports. We are committed to becoming a data and report sharing platform for professionals and decision makers. We look forward to working with you to record the development trends of today’s economy, technology, industrial chain and business model.Welcome to follow, comment and bookmark us, and hope to share the future with you, and look forward to your success with our help.
