In this digital age, every stroke and every voice command we make is leaving traces in the cloud, and the cloud input method, as the core component of smartphone interaction, is the bridge between users and the digital world, and its security and importance are becoming increasingly prominent.
Recently, a security report released by citizenlab, a privacy research organization, showed that in addition to Huawei, eight mainstream Chinese mobile phone input method applications, including Baidu, Honor, iFLYTEK, OPPO, Samsung, Tencent, vivo and Xiaomi, all have serious security vulnerabilities. These vulnerabilities allow hackers to completely steal user input and even conduct network eavesdropping, affecting nearly 1 billion users.
This report has once again drawn public attention to the privacy and security issues of cloud input methods and smartphone operating systems.
The hidden corner of the cloud input method: the security crisis has surfaced
With the popularity of smart phones and the rapid development of mobile Internet, cloud input methods are widely loved by users because of their convenience, intelligence and personalized recommendations. However, while enjoying the convenience brought by technology, the security risks of user information also come with it. The increasing complexity of the back-end technology of cloud input method applications, as well as the increase in data processing and storage, provide more opportunities for hacker attacks.
There are two main concerns of security researchers at CitizenLab for the security of cloud input method applications: whether user data is secure on the cloud server and whether the information is safe during the transmission from the user's device to the cloud server.
The researchers tested multiple platform versions (Android, iOS, and Windows) of Tencent, Baidu, iFLYTEK, Samsung, Huawei, Xiaomi, OPPO, vivo, and Honor Input. Among them, Tencent, Baidu and iFLYTEK are the developers of keyboard input method applications, and the remaining six - Samsung, Huawei, Xiaomi, OPPO, vivo and Honor are mobile phone manufacturers, which either develop their own keyboard input methods or pre-install the above three input method products.
After analyzing the input methods of nine manufacturers, the researchers found that only one manufacturer's input method application (Huawei) did not find any security problems when transmitting user keystrokes. Each of the remaining eight vendors had at least one app that found the vulnerability.
This directly means that the user's input, including but not limited to text, voice, etc., may be intercepted during transmission, resulting in privacy leakage. In the absence of encryption protection, hackers can easily steal users' sensitive information, such as passwords, private conversations, trade secrets, etc., through network surveillance and other means, bringing risks to personal privacy, property security, and even national security. If the cloud service provider's security measures are not in place, the user's input history, habits, preferences and other private information may also be illegally accessed, or even used for improper purposes, such as targeted advertising, personal data construction, identity theft, etc.
The citizenLab report is like a shock bomb, and this situation also requires the industry and the industry to reflect together: how to find a balance between technological innovation and user privacy, and how to build a stronger security barrier?
Build a strong line of defense for user privacy with innovative technology
In the face of the security risks of the cloud input method, Huawei's Xiaoyi input method has become the only application that has not been found to have any security defects by virtue of its unique advantages under the HarmonyOS system. This security is not accidental, but the inevitable result of Huawei's long-term adherence to "privacy first" and strict requirements and continuous investment in product security.
It is reported that Xiaoyi input method not only supports a variety of input methods, including voice, translation, shooting, text, etc., but also based on the Hongmeng system and Pangu model, so that users can get a fast and accurate input experience. At the same time, as the official preset input method of Huawei mobile phones, Xiaoyi input method is developed in strict accordance with Huawei's security specifications, and when it comes to cloud-side function calls, Huawei uses an end-to-end global network security and privacy assurance system to ensure that the entire process of data transmission is encrypted, ensuring 100% security during data transmission, and completely cutting off the risk of data leakage.
In particular, the latest version of HarmonyOS 4.2 is upgraded in terms of pure security, among them, HarmonyOS 4.2 has recently launched "Shake Ad" blocking, which provides a "Shake Device Direction" permission control switch, that is, whether the application can obtain the current rotation information of the device, to ensure that the user's shake and jump behavior can be known and controlled; Third-party applications are protected against fraud in all ways, and together they build an impregnable security line.
As the core of HarmonyOS system security protection, the application control center realizes the whole process of risk monitoring from application installation to operation. Once an application is found to have risky behaviors, such as malicious deductions or information theft, the system will take swift action, from prompting users to proactively suggesting isolation of risky applications to ensure that user data is not compromised. The application control center can not only intelligently identify application behaviors, but also provide real-time feedback on application security status through desktop cards, allowing users to intuitively understand and actively manage application permissions.
Application tracking management is another innovation in Huawei's privacy protection, which puts the user's ability to obtain anonymous device identifiers (OAIDs) in the hands of users. Users can decide which apps can track their behavior and which cannot, fundamentally changing the situation that data was unconsciously "interconnected" in the past, and truly realizing the return of data sovereignty to users.
In addition, the Privacy Center provides users with comprehensive monitoring of app behavior, so that users can clearly understand which apps are accessing which sensitive permissions, and can quickly intervene if inappropriate behavior is detected. The image privacy protection function is even more nuanced, automatically removing sensitive information from the picture, such as location data, personal identity information, etc., and providing users with one-click privacy protection when sharing, so that social sharing no longer has to worry.
Huawei's efforts in privacy protection are not only reflected in technological innovation, but also in conceptually leading. The security and purity of Xiaoyi input method is a microcosm of the overall security concept of the HarmonyOS system, reflecting Huawei's firm commitment to user privacy protection.
With the development of science and technology and the wide application of information technology, users' demand for information security is becoming more and more urgent. In such a digital era full of privacy crises, the HarmonyOS system is proving with practical actions that security and convenience are not incompatible, but should complement each other and jointly build the cornerstone of a digital life trusted by users. (Yongwen)
Source: Guangming.com