Illustration: VCG
Mobile phone user Xu Aixing feels uneasy using her phone apps. She suspects the keyboard apps she installed on her phone are secretly recording and analyzing her user history, and selling it to advertisers or even more nefarious data collectors.
After Xu types a celebrity's name or a place, even during a private conversation, advertisements promoting related products have appeared on her phone. "It's scary to see ads of skates or skating clubs hours after I texted my friend saying my son likes to skate," Xu told the Global Times.
Similar concerns have been seen on Chinese social media, where users have complained about apps' possible misuse of their personal information or messaging history. This concern was heightened by Allen Zhang Xiaolong, head of China's most popular messaging app WeChat, who said last week that some domestic keyboard apps are suspected of violating users' privacy.
There were more than 765 million users of keyboard apps in China as of September, according to statistics released by data analysis company Analysys and there has long been debates about keyboard apps infringing on user privacy, industry watchers said.
Keyboard apps that collect user behavior information have been shown to have gone beyond the necessary and acceptable collection of personal data of users, Fang Xingdong, founder of Beijing-based technology think tank ChinaLabs, told the Global Times.
Ambiguous responsesSogou, Baidu and iFlytek are the top three third-party IME keyboard apps among Chinese users, Analysys' data showed.
The three apps ask users for permission to collect data, a Global Times reporter, who downloaded and tried the apps this week, discovered.
All of them ask permission to know a user's locations after the initial installation, and Baidu and Sogou ask users for additional permissions such as access to their contact lists, the Global Times found.
A consumer-service staffer with iFlyTek Input explained that the app asks users for access permissions of some systems, including microphone, address book, and location information, to provide users with more accurate and convenient service. "These [access permissions] can be turned off at any time," she told the Global Times.
Sogou technical support team gave the Global Times a similar response on Tuesday, saying it collects information of users, who can cancel the authorization and continue using the app.
Both iFlyTek's and Sogou's customer service persons promised that their products never misuse users' data, including collecting them to target advertising. They nonetheless failed to explain how the apps are able to push unsolicited ads, with a Sogou staffer merely saying, "You can close the ads if you don't want to see them."
Several major apps including Baidu, Sogou, iFlyTek and Octopus clearly state in their privacy policies that they may collect users' information for further promotions of products and services. Sogou, for instance, may collect users' data to "evaluate the effectiveness of the ads and other promotional campaigns" shown in its apps, Sogou privacy policy statement says.
The privacy policy of iFlytek clearly lists the third-party organizations that it works with to access user information. The 11 partners include an e-commerce platform, a communications company, an advertising agency and a gaming company. The advertising and gaming companies have access to users' mobile identity, network status and network location, according to the privacy policy.
Parent companies of these apps seem reluctant to talk about the issue. Technology firm Sogou, which owns Sogou Input Method, said it has no comment on privacy issues when contacted by the Global Times. Artificial intelligence startup iFlyTek, a speech recognition champion which developed iFlyTek Input, had not responded to a formal request for comment as of press time.
Legal dilemmaThe app market has long been suspected of privacy violations and faces few legal constraints, said industry insiders reached by the Global Times.
Several were on the list of the 131 mobile phone apps that infringe on users' rights and interests that was released by China's Ministry of Industry and Information Technology (MIIT) last October. Problems with these apps include improper collection or use of personal information, and excessive request for permission, news site thecover.cn reported.
MIIT, the country's industry watchdog, has played a large role in cracking down on user privacy infringement or excessive collection of user information, Fang told the Global Times.
Fang doesn't support relying only on the self-discipline of app developers or warnings by MIIT or other government departments to keep user privacy intact. "Penalty standards for [privacy infringement] offenses should be crystallized in laws and regulations such as the Cybersecurity Law," Fang said.
Calling for legislation that specify penalties for privacy intrusion, the industry veteran also advised several cases typifying input methods infringing on user privacy ought have clearly defined penalties to legally deter these apps from rampant collection of user data.
Huang Rihan, executive dean of the Beijing-based think tank Digital Economy, agreed that there is an urgent need to amend and improve the Cybersecurity Law, which was passed in 2016 and has been "unable to keep pace with China's rapid internet development," Huang said.
As a result users are usually in a weak position when current laws and enforcement fail to constrain possible wrongdoings of the apps. "Lots of apps require users to authorize some [access] permissions, and users usually have no choice between privacy and convenience," Huang said. "If you don't agree [to give them permissions], many of their functions simply won't work."
Xu, the mother of child who likes to skate says in today's online, social media work there really isn't much choice but to accept the feeling someone or something is watching as you type. "Although I'm worried these apps may leak my data and privacy, it's really hard to uninstall and not use them," she sighed. "I've used them for years. I've been spoiled."