“Pop-up Cancer” Urges Mobile Phone Manufacturers


Text / Zhao Jinjie

Source / Bento Finance (ID: daxiongfan)

In just half a month, the revenue of Liu Zhi’s team plummeted by nearly one-fifth, which was directly triggered by an announcement from Huawei.

On June 29, Huawei AppGallery announced that it would no longer accept cleaning and Wi-Fi applications newly submitted for listing, and would re-test and re-check the cleaning and Wi-Fi applications already on the shelf. The reason is that such applications have problems such as illegal collection of personal information, automatic download of other software, frequent pop-up windows, and ads that cannot be closed.

Two related apps developed by Liu Zhi’s team were affected by this policy and were forcibly removed from the shelves in early July. According to Liu Zhi’s prediction, the average monthly income of the team will be reduced from the original 100,000 yuan to about 80,000 yuan, and the source of income will rely more on other application distribution platforms and another business of the team – network promotion.

In the course of China’s Internet development, local promotion and online promotion are two forces that cannot be ignored. Together, they promote the continuous growth of the number of users of various products.

Compared with conventional means of promotion, online promotion is much wilder. In addition to the regular official software stores, major app stores, and the information flow advertising channels within major apps, there is also a hidden method: pushing product information to users through web page hijacking or forced pop-up advertisements.

Liu Zhi’s team is a link in this gray industry chain. Compared with the current slow-growing Internet business environment, Liu Zhi especially misses the era of BAT wars: from O2O, takeaway wars to shared bicycles, short video competitions, and the recent community group purchases, “Every time a trend comes, (for us) it is an opportunity for the Nuggets.”

Alphabet once pointed out in the article “Elderly mobile phone has ‘pop-up cancer’”, published in March this year, that these pop-up advertisements often have no triggering condition at all: advertisements pop up even when the phone is sitting idle on the desktop.

What’s even more annoying is that some malicious apps posing as cleaners are also good at creating the false impression that the phone has frozen, by popping up advertisements and other means, inducing users who are not skilled in operating a phone, especially elderly users, to click on these disguised buttons. In the end, the advertised application link does nothing to clear up the freeze, and the phone downloads and installs more malicious applications.

Jin Ye, a senior security researcher in the Asia-Pacific region of antivirus software company Kaspersky, told Bento Finance that software that “can be installed with a single accidental touch” and “has induced installation behavior from the very beginning” can all be classified as rogue software. A large part of this rogue software induces users to download it under the banner of so-called cleaning software, and such programs often share a common feature: no real development company can be found behind them, and even the contact information some developers give is false.

For Liu Zhi, bigger trouble is coming. Following Huawei, vivo and Xiaomi each released announcements in mid-to-late July stating that they would carry out a “special rectification action for app infringement of user rights and interests”, focusing on the privacy compliance issues of cleaning and Wi-Fi products.

According to insiders of Xiaomi, Xiaomi has stopped listing cleaning and Wi-Fi products in the app store, and will conduct high-frequency back-testing and user feedback review of products on the shelf.

Gray industry chain practitioners like Liu Zhi are ushering in a new round of “cat-and-mouse game” with mobile phone manufacturers.


Domestic mobile phone manufacturers have to be anxious.

In the first half of this year, the total shipments of mobile phones in the domestic market totaled 136 million units, a year-on-year decrease of 21.7%, of which domestic brand mobile phone shipments fell by 25.9% year-on-year.

Hu Boshan, executive vice president and chief operating officer of vivo, pointed out in an interview with the media that “China’s mobile phone market has completely entered the stock market”, and the replacement cycle is becoming longer and longer, extending from 16-18 months in the early stage to 36 months in 2022.

The second-quarter report released by market research firm Canalys shows that global smartphone shipments fell by 9% year-on-year due to the economic downturn, falling below 300 million units. In contrast to the contrarian growth of Samsung and Apple, Xiaomi, OPPO and vivo all suffered double-digit declines.

Beyond the year-on-year decline in sales, domestic mobile phone manufacturers also face a greater risk: inventory backlog. Zhao Ming, CEO of Honor Terminal, recently stated that it only takes one or two months to go from a shortage of supply to a backlog of inventory.

Supply chain leaders, including Tianfeng Securities analyst Guo Mingji and SMIC CEO Zhao Haijun, have all released news that Android mobile phone manufacturers will significantly cut orders in 2022. Even Xiaomi President Wang Xiang had to admit during the first-quarter earnings call, “We are facing a declining market.”

Canalys research analyst Runar Bjørhovde pointed out that economic turmoil, sluggish demand and overstocked inventories are causing manufacturers to quickly adjust their product mixes in the second half of 2022. “Consumers’ budgets are tightening, and part of the demand will shift to low-end products, while the oversupply of mid-end products will be the price range where manufacturers focus on adjusting product releases.”

According to Yu Liang, an industry analyst at Omdia, low-tier cities and the elderly will undoubtedly become the two key directions for digesting low-end mobile phones in China.

In the face of a market with declining growth, Yu Liang believes that there are two ways for domestic mobile phone manufacturers to boost sales: one is to stack materials at the hardware level, improving configuration and cost performance; the other is to optimize the system at the software level to create a smoother user experience.

At the stage of increasingly homogeneous hardware configuration, optimizing user experience has become one of the important choices for mobile phone manufacturers. This may be one of the reasons why mobile phone manufacturers such as Huawei, Xiaomi, and vivo have cracked down on rogue software.

Li Zhen, an engineer at a top domestic mobile phone manufacturer who is familiar with app store review work, told Bento Finance that such rogue software often causes multiple harms, the most direct being that it interferes with normal use. Such applications often pop up windows in inappropriate scenarios, preventing users from using their phones or applications normally. “For example, rudely covering the screen with ads on the user’s lock screen or desktop, or forging a fake desktop shortcut (similar to creating another ‘WeChat’) to induce users to click, etc.”

At the same time, this kind of rogue software also brings some invisible privacy risks, such as uncontrolled “over-range and over-frequency” collection of users’ private information, including ID card numbers, bank card numbers and other sensitive information, which puts the security of users’ personal information at great risk.

For mobile phone manufacturers, the frequent self-starting, malicious keep-alive, and frequent reading and writing of storage caused by such rogue software lead to basic experience problems such as freezes and overheating, which in turn lead to a large number of user complaints and damage brand reputation among users.

With hardware converging, whichever domestic mobile phone manufacturer does a better job of eliminating rogue software may be the first to take the biggest slice of the low-end market.


The “cat-and-mouse game” with rogue software has never stopped since the advent of smartphones.

Since 2010, domestic Android mobile phone manufacturers represented by Xiaomi and Meizu have begun to customize self-developed systems based on the Android open source code AOSP. However, gray industry practitioners are still using various means to capture the desktops of mobile phone users through more covert methods.

Major mobile phone manufacturers have successively launched their own “pure mode”, for example publicizing all of an app’s permission requests and even prohibiting the installation of high-risk products, and the Ministry of Industry and Information Technology issued a document in August 2019 calling for special rectification work on apps that infringe on users’ rights and interests. Even so, the rogue software that creates “pop-up cancer” keeps coming back despite repeated bans.

According to Li Zhen, before being put on the App Store, an app needs to go through the review procedures including automatic testing + manual review, security scanning, stability and compatibility testing to ensure privacy compliance and application quality.

“In order to avoid auditing, third-party apps may counter the audit through hot update capabilities, using cloud control to adjust their strategies by region (such as third- and fourth-tier cities), device model, and user group. For other violations, continuous review and inspection after launch, assisted by the collection of external feedback, is necessary,” Li Zhen said.

In addition to finding loopholes to circumvent the review mechanism of the official application market, the deep reason why rogue software is difficult to remove lies in the openness of the Android ecosystem.

Lin Chaosheng, an employee of a domestic Wi-Fi software developer, said that because of the openness of Android itself, software developed by legitimate companies can easily be unpacked, repackaged and put back on the shelves. Once downloaded and run, the main function is basically the same, but in fact some rogue plug-ins have been implanted into the phone through bundled installation.

Li Zhen further explained that the openness of the Android ecosystem allows some inferior apps to technically improve their ability to stay alive by monitoring system broadcasts, or to wake one another up through chained calls among multiple apps that integrate malvertising SDKs, so that they can always run in the background and pop up malicious advertisements at any time.

Compared with Apple’s iOS system, the numerous and chaotic application distribution channels are also a major reason why Android phones are difficult to eradicate rogue software.

According to Jin Ye’s summary, rogue software currently gets in through several main channels. The simple ones induce downloads while users swipe through short videos, or push through text messages, QR codes, and chat tools. These are all methods the user can perceive, and relatively old-fashioned ones.

For hackers, another more efficient way of infection is to first strip the malicious code out at build time when submitting the app to the official application market for listing, and then, once it has passed the platform’s series of legitimacy checks, to add the malicious pop-up program back over the network through a dynamic upgrade. “These are some of the most difficult ways to remove rogue software in the eyes of security vendors.” Jin Ye said that because of such methods, rogue software not only successfully avoids the audit, but also gains the endorsement of official platforms and a larger potential audience.

Another factor that makes it difficult to remove rogue software comes from users, because such software often induces users, especially groups with poor discrimination ability such as the elderly and children, to grant high permissions: for example, guiding users to authorize floating windows, lock screen display, self-starting and other “high-risk” permissions, so as to launch malicious pop-ups. From the perspective of security vendors, Jin Ye believes that rogue software that has obtained such high-level privileges is more stubborn in day-to-day detection and removal.
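The traits named by Li Zhen and Jin Ye above (floating-window, lock-screen and self-start permissions, and receivers that listen for system broadcasts to stay alive) can be checked statically in an app’s manifest. The following Python sketch is an added example, not code from the article or from any vendor’s review pipeline; it assumes the manifest has already been decoded to text XML, and the package name, component names and the choice of which permissions and broadcasts to flag are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the "high-risk" grants the article names (illustrative list).
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "floating window (draw over other apps)",
    "android.permission.RECEIVE_BOOT_COMPLETED": "self-start at boot",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can prompt installs of other apps",
}

# System broadcasts treated here as keep-alive triggers (an assumption of this example).
WAKE_BROADCASTS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
    "android.intent.action.ACTION_POWER_CONNECTED",
    "android.net.conn.CONNECTIVITY_CHANGE",
}

# Constructed sample: decoded manifest of a hypothetical "cleaner" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.supercleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".AdActivity" android:showWhenLocked="true"/>
    <receiver android:name=".ReviveReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return a list of (category, subject, reason) findings for one manifest."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in RISKY_PERMISSIONS:
            findings.append(("permission", name, RISKY_PERMISSIONS[name]))
    for activity in root.iter("activity"):
        if activity.get(ANDROID_NS + "showWhenLocked") == "true":
            findings.append(("lock-screen", activity.get(ANDROID_NS + "name", "?"),
                             "activity may display over the lock screen"))
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        hits = sorted(actions & WAKE_BROADCASTS)
        if hits:
            findings.append(("keep-alive", receiver.get(ANDROID_NS + "name", "?"),
                             "wakes on " + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for category, subject, reason in triage_manifest(SAMPLE_MANIFEST):
        print(f"[{category}] {subject}: {reason}")
```

A manifest check of this kind only sees what is declared at submission time; behavior delivered later through a dynamic upgrade, as Jin Ye describes, has to be caught by re-testing after listing.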

In the final analysis, rogue software is difficult to remove not because of the detection and removal process, but because there are too many ways for rogue software to infect Android phones.

Judging from the current reality, completely eliminating rogue software will take not only the relevant regulatory policies issued by the state, but also closer cooperation between mobile phone manufacturers and antivirus vendors to improve the detection and interception of pop-up cancer plug-ins of this kind.

In addition, mobile phone manufacturers also need to strengthen the development of interactive modes suitable for the elderly. It is obviously far from enough to have functions such as larger fonts and larger icons.


The core driving force that attracts people like Liu Zhi to resolutely devote themselves to gray production despite knowing the violations, is ultimately a considerable economic return.

Li Zhen said that apps from unofficial sources often use pop-up windows to guide users to download advertising apps for profit. The industry has spawned companies that provide SDKs for malicious high-frequency pop-up ads, forming a complete gray industry chain.

There are generally two types of orders for the people who develop such rogue software: one is passive orders, that is, they take on outside demand for swiping orders and earn traffic commissions from it; the other is active orders, that is, software that has a lot of downloads and makes good money.

According to Lin Chaosheng, under this type of model, three to five people can quickly develop a piece of software and put it on the major channels through the various means described above. In order to intercept more traffic, they will even take the initiative to spend money on information flow advertisements, for example spending 5,000 yuan on advertisements, bringing in 5,500 yuan of income and making a net profit of 500 yuan. Once the model is proven, this type of software starts popping up advertisements in the background and quickly cashes in on impressions and click-through rates.

Looking at the current major rogue software, Jin Ye said that pop-up advertising is their core money-making model. This model is not actually an invention of the mobile Internet era. Compared with the PC era, pop-up cancer can be regarded as a relatively mild rogue plug-in. In the PC era, “our definition of this type of thing is called ad click Trojan, and now it is rogue software.”

For any malicious program, apart from the destructive side, what remains is the pursuit of a profit model.

The earliest case of a domestic rogue plug-in making money was the Coral QQ incident at the beginning of the century. In 2001, Chen Shoufu, a teacher at the Computing Center of Beijing Institute of Technology, launched the Coral version of QQ, a third-party auxiliary software based on Tencent QQ. In addition to the basic functions of QQ, it integrated the Coral Enhancement Package, which could display the IP address and geographic location of friends and could block Tencent advertising. Its profit model was to bundle third-party software into the plug-in to earn traffic commissions.

In 2006, Tencent sued the Coral version of QQ for copyright infringement and won the case. After continuous appeals by both parties, by 2008, according to Sohu IT, Chen Shoufu was sentenced to three years in prison, had 1.17 million yuan recovered from him and was fined 1.2 million yuan, a total of 2.37 million yuan.

The pop-up advertising model arose in the PC era, and it was Cheetah that made it bigger and stronger in the mobile Internet era. When it went public in the United States in 2014, Jiemian News reported that what Cheetah Mobile told the capital market was an overseas version of the 360 China model, that is, to obtain traffic entry through tool applications, and then to make money through mobile application distribution, joint game operation, and advertising.

In order to expand revenue, Cheetah Mobile adopted rogue tactics such as inducing downloads and letting users trigger downloads by mistake. In the end, Cheetah also suffered the consequences: in November 2018, the third-party monitoring company Kochava accused Cheetah Mobile of advertising fraud, stealing revenue and other behaviors in 7 apps. Subsequently, Facebook terminated its cooperation with Cheetah Mobile; in February 2020, 45 applications and games of Cheetah Mobile were judged by Google to have destructive traffic and invalid traffic behavior, and they were completely removed from the shelves.

For small groups like Liu Zhi’s, chasing Internet entrepreneurship has become their biggest secret to making money. For example, when the mining boom was popular in 2017, they implanted malicious programs into some networking hardware to hijack users’ broadband and use it to run mining or other programs.

According to Liu Zhi, one of the most profitable methods in this industry is monitoring mobile phone voice. A team of the same size can earn three to five times as much as his team does in a month. Such malicious apps also capture and collect users’ browsing records in other apps; after analysis, they can send precisely targeted pop-up advertisements to users.

However, high returns are often accompanied by high risks. Because of the large amount of traffic it generates, voice monitoring is easily detected by security applications, which then alert users. Sun Lei, an expert in the security business of a major Internet company, said that with the Ministry of Industry and Information Technology paying increasing attention to apps that violate user rights, such high-level violations are becoming more and more frequent.

Another technical factor that reduces it is that current precision marketing has linked up online and offline transaction records; combined with an analysis of personal network information, such as users’ cookies, access records under the same account and other aggregated information, accurate push can basically be achieved, Sun Lei said.

In a typical scenario, many people log in to their mobile phones and receive information about a product that was mentioned in an offline chat, even though they had not been operating their phones. In Sun Lei’s view, this is the result of the data sharing mechanism: for example, with daily shopping receipts and bills in offline supermarkets, as long as the merchant system is connected to the Internet, these consumption behaviors may be shared with other platforms.

When asked if he was worried that related applications would no longer be available on all mainstream Android phone application markets such as Huami OV, Liu Zhi was not worried. In his opinion, with the advent of the Internet of Everything, more and more devices being able to connect to the Internet also means increasing risks.

According to Sun Lei’s explanation, in the era of the Internet of Everything, even if your mobile phone is no longer infested by rogue software, a problem with a small connected device may still drag down the entire family network. “External criminals can use the vulnerability of any device in your home to compromise other devices in your home.”

Taking his security department as an example, Sun Lei said that the company has very strict requirements for computers on the intranet. A computer must be restarted the next day before it can access the Internet, and every other month a password change is forced, and it must be a complex password. The reason is that the company is afraid that a device left exposed on the network for a long time will develop hidden vulnerabilities, which will then spread to the entire company intranet.

From this point of view, in the face of an increasingly intelligent society, the struggle against rogue software such as pop-up cancer may no longer just be a matter of mobile phone manufacturers.

(Liu Zhi, Li Zhen, Lin Chaosheng and Sun Lei are pseudonyms in the text)

(Disclaimer: This article only represents the author’s point of view and does not represent the position of Sina.com.)

This article is reproduced from: http://finance.sina.com.cn/tech/csj/2022-07-27/doc-imizmscv3729085.shtml