日前，国家计算机病毒应急处理中心再次通报65款违规移动应用。事实上，南都·湾财社注意到自2024年以来，上述机构已经先后多次密集通报 了多款违规移动应用，金融类APP成为其中的重灾区之一。 南都·湾财社梳理发现，2024年以来，共有28款金融类APP被"点名"，涉及63条违规事由。被通报的金融APP覆盖银行、证券、基金、信贷等多个 领域，既有地方农商行的官方应用，也有知名互联网金融平台。 在金融数据与用户财产安全高度绑定的当下，这些违规金融APP犹如悬在用户头顶的利剑，随时可能侵犯用户权益。南都·湾财社对部分被点名 的金融APP进行了回测，发现各家金融APP的整改情况并不相同，部分APP仍未完成整改。 2024年至今28款金融APP被"点名" 违规事由达63条 近日，国家计算机病毒应急处理中心通报了65款违规移动应用，经该中心检测，这些移动应用存在违法违规收集使用个人信息情况，包括无隐私 政策、APP未在征得用户同意后开始收集个人信息或打开可收集个人信息的权限等违规情形。 事实上，自2024年以来，国家计算机病毒应急处理中心就加大了对违规APP的检测和治理力度，并定期通报违规移动应用。根据国家计算机病毒 应急 ...

Core Viewpoint - The National Cybersecurity and Information Security Information Notification Center reported that 35 apps in Tencent's mobile app store "Yingyongbao" were found to illegally collect and use personal information, highlighting compliance issues in the emerging generative AI sector [1][2][4]. Group 1: Violations and Affected Apps - The reported violations involved 11 categories, with the most prominent being illegal notification forms, excessive information collection, and unrelated collection frequency, affecting 18, 12, and 10 apps respectively [1]. - Among the 35 apps, approximately 15 are video editing tools, 11 are AIGC (AI-generated content) tools, and 4 are AI education tools, indicating a significant reliance on user data in the generative AI technology field [1][2]. Group 2: Regulatory Context and Actions - The legal basis for the detection report includes the "Cybersecurity Law of the People's Republic of China" and the "Personal Information Protection Law," with enforcement actions being part of a broader initiative by multiple government departments [4][5]. - The report marks the first proactive intervention by the Ministry of Public Security regarding early-stage illegal collection of personal information by apps, suggesting a potential shift towards a long-term regulatory mechanism [3][4]. Group 3: Industry Response and Compliance - Companies involved have not publicly responded to the report, although some have reportedly received rectification requests, indicating a need for immediate compliance [3]. - The increasing regulatory scrutiny necessitates that app operators prioritize legal compliance regarding personal information collection and usage, as highlighted by the implementation of the "Personal Information Protection Compliance Audit Management Measures" [5][6].

针对学生群体，该团伙通过招募学生兼职拉人头的方式，许诺其只要拉够一定数量需要办理储蓄卡、信用卡的同学前往咨询，就可以获取200到300元不等的 好处费、人头费。一旦有人咨询，犯罪嫌疑人以办理信用卡、储蓄卡送礼品、现金返利为诱饵，吸引学生办卡。在办卡时，谎称录入信息不成功要求重新输 入，在他们不知情的情况下，窃取身份和人脸信息，违规办理电话卡。 针对老年群体，该团伙则在各大菜场、商场等地，以开户后三个月即销户、开户即赠送大米、鸡蛋等为诱饵，诱骗前来领取免费赠品的老年人开办新入网手 机卡。在确认老人没有使用的需求后，当面上演一出当场假装掰断卡的动作，将这些已通过身份证实名认证的手机卡非法截留。随后，这些电话卡插入"猫 池"来批量接收验证码，再将验证码转发给境外诈骗团伙，用于注册短视频、购物、交友软件等平台账户，为诈骗等违法犯罪活动提供便利。 目前，13名犯罪嫌疑人已被警方依法刑事拘留，案件在进一步侦办中。 在这起案件中，市民群众不难发现，这些非法获取的手机卡及其服务密码被诈骗分子利用后，将会为电信网络诈骗、网络赌博、洗钱等违法犯罪活动提供便 利条件，也会使网络环境充斥大量虚假账号和恶意行为，影响互联网企业正常运营 ...

中新社北京5月14日电 (记者刘育英)中国工业和信息化部5月14日在官网公开征求对《儿童手表安全技术 要求》强制性国家标准(征求意见稿)的意见。标准对电池安全、网络安全、网络沉迷防治、付费管控等 多方面提出具体要求，在网络安全部分提出手表不可预置生成式语音问答应用程序。 根据定义，儿童手表指供3周岁及以上，14周岁以下儿童使用的手表。儿童智能手表为具备信息处理如 通话、定位等功能，且满足儿童特定需求的儿童手表。 该标准编制说明指出，考虑到消费者对儿童智能手表在信息安全方面的关注度高，产品存在可能的非法 窃听、信息泄漏等信息安全隐患，在标准中规定了信息安全、数据安全和个人信息保护、内容安全的要 求。 该标准还在生物特征识别方面做出规定，要求已注册用户可以注销该功能，还要求手表具备防假体呈现 攻击检测功能，通过呈现攻击检测，为使用生物特征识别技术进行身份验证的手表提供安全保障。(完) （文章来源：中国新闻网） 其中，信息安全要求从六个方面保证产品的安全性，要求手表具备应用程序或安装程序的安全管理机 制，可以识别防范恶意程序被预置或安装等。 数据安全和个人信息保护要求从八个方面保证产品的安全性，提出儿童智能手表应制 ...

Core Points - The article discusses the legal implications of personal information protection in the context of digital transactions, highlighting a case where a consumer's information was allegedly shared without consent [1][2][3] - The Beijing Internet Court ruled that the collection of transaction information by a WeChat mini-program without explicit consent constitutes a violation of personal information rights [2] Group 1: Legal Framework - According to China's Personal Information Protection Law, personal information processors must obtain consent from individuals before processing their data, or it must be necessary for the performance of a contract [2] - The court found that the WeChat mini-program did not clearly inform consumers about the collection of their transaction data in its user agreement or privacy policy [2] Group 2: Case Details - The consumer, Mr. Ma, argued that his offline shopping information was unlawfully obtained by the WeChat mini-program, leading to a lawsuit for an apology [1] - The court determined that the transaction details, such as store location and payment amount, are considered personal information and that the mini-program's data collection was not essential for the payment process [2] Group 3: Industry Implications - The Beijing Internet Court has seen a wide range of cases related to personal information protection across various sectors, including social media, e-commerce, and financial services [3] - The court emphasized the importance of public awareness regarding personal information protection and advised consumers to be cautious about sharing their data [3]

来源：九派新闻 5月13日，爱奇艺@桃厂上线了 回应被通报： 针对国家计算机病毒应急处理中心检测报告披露的爱奇艺（版本X9M_m1e_17.0.0.20221018）存在个人 信息收集使用的问题，我们高度重视并第一时间开展内部核查。 经核查，该版本为2022年10月上线的某品牌车载端应用，由爱奇艺合作方开发并提供。 针对报告披露的问题，我们正与合作方一道认真核查，积极整改，后续将更新合规的新版本应用。我们 会继续严格落实个人信息保护的主体责任，为用户提供安全优质的服务。 此前，5月12日，据国家网络与信息安全信息通报中心通报，依据《网络安全法》《个人信息保护法》 等法律法规，按照《中央网信办、工业和信息化部、公安部、市场监管总局关于开展2025年个人信息保 护系列专项行动的公告》要求，经国家计算机病毒应急处理中心检测，65款移动应用存在违法违规收集 使用个人信息情况。 其中，《爱奇艺》（版本X9M_m1e_17.0.0.20221018，奇瑞预装第三方应用）涉及以下五类违规问题： 1、个人信息处理者向其他个人信息处理者提供其处理的个人信息的，未向个人告知接收方的名称或者 姓名、联系方式、处理目的、处理方式和个 ...

Core Viewpoint - iQIYI has responded to concerns regarding personal information collection issues identified in a report by the National Computer Virus Emergency Response Center, emphasizing its commitment to user data protection and compliance [1] Group 1: Company Response - The company has initiated an internal investigation following the report's findings about its application version X9M_m1e_17.0.0.20221018, which was launched in October 2022 [1] - iQIYI clarified that the problematic version was developed and provided by a partner for a specific brand's in-car application [1] - The company is actively working with its partner to address the reported issues and plans to release a compliant updated version of the application [1] Group 2: Commitment to Data Protection - iQIYI reiterated its commitment to fulfilling its responsibilities regarding personal information protection and aims to provide safe and high-quality services to its users [1]

Core Insights - OpenAI has released new models ChatGPT o3 and o4-mini, which possess advanced visual reasoning capabilities, allowing them to accurately identify and locate places from images [1][3][15] - The ability of AI to analyze images raises significant concerns regarding personal information protection, as it can deduce precise locations and even personal characteristics from seemingly innocuous photos [1][19] Group 1: AI Capabilities - ChatGPT o3 can analyze various details in images, such as vegetation, landmarks, and even specific items, to accurately determine the location where a photo was taken [3][10] - In tests, ChatGPT o3 demonstrated a high level of accuracy, with 60% of predictions having an error margin of less than 1.6 kilometers [17] - The model integrates image recognition, logical reasoning, and external database access to achieve location identification, even without GPS data [17][19] Group 2: Comparison with Other Models - Other models like Doubao and Quark AI camera showed lower accuracy in location identification compared to ChatGPT o3, often failing to pinpoint exact locations [15][16] - The visual reasoning capabilities of competing models are still developing, indicating that ChatGPT o3 currently leads in this area [15][16] Group 3: Privacy Concerns - The ability of AI to infer personal information from images poses a risk of privacy invasion, as it can identify not only locations but also user preferences and characteristics [18][19] - OpenAI has implemented restrictions to prevent the model from making unfounded inferences about individuals based on images, but these do not cover all aspects of location and personal data analysis [19][20] - Experts suggest that users should be cautious when sharing images online, as AI can utilize various visual cues to deduce sensitive information [20][21]

Core Viewpoint - The National Cybersecurity Center has reported that 65 mobile applications are found to be in violation of personal information protection laws, highlighting significant issues in user consent and data handling practices [1][2][3][4][5][6][7][8] Group 1: User Consent and Information Collection - 9 applications failed to clearly inform users about their privacy policies and data collection practices at the first run [1] - 43 applications did not specify the purposes, methods, and scope of personal information collection in their privacy policies [2] - 16 applications did not inform users about the transfer of their personal information to other parties, nor did they obtain separate consent [3] - 4 applications began collecting personal information without obtaining user consent [4] Group 2: User Rights and Data Management - 9 applications lacked effective mechanisms for users to correct, delete personal information, or cancel their accounts, and did not respond timely to such requests [4] - 3 applications failed to process complaints and reports within the promised timeframe and lacked a convenient mechanism for users to exercise their rights [5] - 32 applications did not provide users with a way to withdraw consent for data collection [5] Group 3: Sensitive Information and Security Measures - 6 applications used automated decision-making for information push and marketing without providing options to refuse or alternatives [6] - 7 applications processed sensitive personal information without obtaining separate consent and did not inform users about the necessity and impact on their rights [6] - 15 applications did not implement adequate security measures such as encryption or de-identification of personal data [7] Group 4: Privacy Policy Compliance - 5 applications were found to have no privacy policy at all [8] - 31 out of 67 previously reported applications still exhibited issues upon re-evaluation, leading to their removal from distribution platforms [8]

但从实践来看，治理App信息收集乱象，不能仅靠事后通报，还需要在制度设计上不断做"加法"， 比如对违规行为设定更具威慑力的处罚标准；在技术手段上做"升级"，建立覆盖全周期的智能监测系 统，及时拦截违规收集行为；在用户参与上做"乘法"，在强化隐私保护知识普及的同时，畅通一键举 报、隐私反馈等渠道。让App在"阳光"下规范收集信息，是切实保护公民个人信息安全的必要举措，也 是推动个人信息保护走向技术向善的应有之义。 编辑：林楠特 通报提到的"未逐一列出收集使用个人信息的SDK""未提供个人信息收集使用规则"等，反映到用户 层面，其实就是公众使用App时常遇到的——软件强制收集与使用功能无关的信息、隐私协议被设 为"默认勾选"、难以找到撤回授权的通道等。此类乱象存在，一方面可能是App技术防护未能跟上，另 一方面，则是某些企业将用户数据当成了"隐形资产"，加上用户维权意识较为薄弱，客观上纵容了企业 的侥幸心理，让其愈发肆无忌惮。 个人信息安全是数字时代的"生命线"。随意收集用户位置、通信录、医疗记录等敏感信息，不仅可 能导致骚扰电话、精准诈骗等，也会让公众在未来使用App时产生不必要的困扰与焦虑。 值得关注的是，近 ...