With the emergence of mobile smart assistants, users can easily access various third-party apps by simply saying what they want, automatically completing tasks such as taking a taxi, navigating, ordering, writing comments, and sending WeChat messages. This greatly simplifies the mobile phone operation process, making life easy and efficient, thus winning the favor of a large number of users. However, at the same time, there are constant doubts about information exposure, privacy breaches, and security risks. According to experts interviewed by the Legal Daily, many mobile intelligent assistants mainly use AI multimodal models to achieve various functions through screen recognition and simulated clicks, bypassing third-party app authorization. The so-called screen recognition refers to taking a screenshot of a mobile phone screen, and then understanding and analyzing the screen content; Simulated clicking, on the other hand, utilizes the "accessibility permissions" of the mobile phone system to recognize the coordinates of buttons on the current screen, bypass third-party app authorization, and directly click to operate its internal functions. Although this method achieves convenient operation, it also brings huge privacy risks, such as encountering hacker attacks, user data leaks, transferring account funds, etc Experts have pointed out that. There are privacy risks associated with running naked. Journalists have found that some mobile assistants require user authorization to enable accessibility services, while others default to enabling accessibility services. In some cases, there is no option to turn off accessibility switches. It is understood that accessibility services are a thoughtful feature carefully designed by the Android system for people with disabilities, aiming to enable them to use smartphones as conveniently as ordinary people. Through this service, visually impaired individuals can use screen readers to "hear" text information on the screen, thereby enabling interaction with their mobile phones; People with limited mobility can use automatic clicking and other functions to reduce the difficulty of manual operation. According to the introduction of Android accessibility services, accessibility services mainly include using screen readers (i.e. screen reading), changing display settings (such as enlarging the screen, color reversal), interactive controls (such as switch controls, automatic clicking), audio and subtitles (such as sound enhancers, changing subtitle formats), etc. This also means that accessibility services can monitor all applications on the phone and obtain all interface elements on the screen. According to Yang Zijiang, a partner at Beijing Junyi Cheng Law Firm, once a user enables accessible services, all information on the phone screen will be obtained by the mobile intelligent assistant, including personal identity, chat history, address, and even the content entered in the password box. In addition, with the automatic click function of accessible services, users' financial security may also be at risk. This is like opening a 'backdoor' on a mobile phone, where others can enter and exit freely or steal things. Before smart assistants, accessibility services were not only used to assist people with disabilities, but also for illegal software such as Trojans and cheats. Generally speaking, Trojan software would disguise itself as a normal app and induce users to open accessibility services after downloading. Once opened, the Trojan software would monitor the page and keyboard situation, steal payment passwords. Subsequently, the Trojan software would observe whether the user was using the phone (whether the screen was locked) at any time. If not used for a period of time, the Trojan software would automatically open the wallet software and transfer funds, "Yang Zijiang said. In the view of Huang Yan, a partner at Beijing Lufeng Law Firm, although barrier free access can provide substantial assistance to groups with special needs, ordinary users should still be cautious in opening such access because the system has relatively few restrictions on calling these functions. In theory, it can almost perform all screen operations, which can easily lead to data abuse or excessive information collection, posing risks to user property security and personal privacy, and may also cause market order problems such as unfair competition. It is understood that mobile intelligent assistants highly rely on cloud based models, and the task of understanding a large number of user instructions and recognizing screens after taking screenshots is not completed on the phone, but transmitted to the cloud for processing. Regarding this, Yang Zijiang bluntly stated that it may bring greater security risks, as a large amount of user data is being obtained by mobile phone manufacturers. This contradicts the so-called 'end-to-end big model' and increases the risk of data leakage. Moreover, the training of mobile phone models requires a large amount of user data. Users have no way of knowing whether mobile phone manufacturers will feed the user data captured in screenshots to the large model for training, or whether proper data anonymization has been carried out before feeding. Yang Zijiang said that if users need to use mobile smart assistants, they should pay attention to fully understanding the network security risks of using smart assistants after enabling accessible services; Carefully read the privacy policy related to the smart assistant on your phone, understand the scope, purpose, and storage path of the collected data; Pay close attention to the movements of the intelligent assistant during use to avoid misoperation; Close accessibility services as soon as possible after use; When it comes to payment, transfer and other scenarios, try to avoid using intelligent assistants to assist in operations, and turn off apps that can be called by intelligent assistants for password free payments. Huang Yan said that users should carefully grant accessibility permissions when using mobile assistants, pay attention to authorization permissions, carefully read relevant service agreements and privacy policies, regularly review the authorized application list and privacy options in account settings, promptly revoke unnecessary or suspicious application permissions, delete unnecessary accounts and data, keep the operating system and applications updated, use encryption and anonymity tools, and rationally use social media information sharing to reduce potential threats. In Yang Zijiang's view, the promotion and use of mobile intelligent assistants require dual consent from both the app and consumers to improve legislation and strengthen supervision. The mobile intelligent assistant should cooperate with the app it calls, call and start operations from the interface provided by the app, and cooperate with the security control measures of the app; And clearly inform consumers of their usage permissions and whether there may be data breaches and security risks. Yang Zijiang said that in order to ensure that consumers can truly understand and voluntarily agree to the user agreement and privacy policy of the mobile intelligent assistant system software, and effectively exercise their control over personal information, measures should be taken to improve the rules for notifying and agreeing to consumer information, and to enhance the transparency and effectiveness of the notification and consent process. Firstly, clarify the notification content of the mobile intelligent assistant system software. A user privacy policy should be formulated in concise and clear language, highlighting key information such as the subject handling personal information, third-party sharing situations, and the purpose of information use. For sensitive personal information, it should be specifically noted in the privacy policy and user consent should be obtained through pop ups or other means at each collection Yang Zijiang said. Secondly, optimize the user consent mechanism by adopting an explicit consent method, where users express their approval of the privacy policy by actively clicking the "agree" button. We can consider introducing electronic signatures as a form of consent to enhance users' awareness of their authorized behavior. Meanwhile, differentiated consent strategies can be adopted based on different levels of information sensitivity. For highly sensitive personal information, explicit consent from the user is always required. Huang Yan said that the use of mobile intelligent assistants involves mobile phone manufacturers, third-party big model companies App、 There are many entities such as cloud services, and data flows between different entities, which makes it difficult to distinguish the responsibilities of each party in terms of user privacy protection and data security, posing challenges to regulation. Although some mobile phone manufacturers have made certain improvements in protecting personal information and resolving user concerns, there are still issues such as unclear data usage descriptions, difficulty for ordinary users to fully understand privacy policies and potential security risks, and difficulty in avoiding the risk of third-party abuse of unobstructed permissions. In addition, although existing regulatory laws and regulations such as the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law, and the Regulations on the Administration of Network Data Security have made special provisions for data processing activities of emerging technologies, there are inevitably some ambiguous areas in the early stages of new technology application, and there are still problems of legal regulation lagging behind. Yang Zijiang said that from the perspective of market environment and competition, mobile AI assistants may also be suspected of unfair competition. The traffic entry of third-party apps has been transferred to AI assistants, and the profit mechanism of the app itself, such as on screen advertising and user usage time, has been disrupted, which may harm the interests of app manufacturers. Unauthorized use of existing app features by AI assistants to provide services is like hitchhiking on these apps, and the competitive order may also be distorted as a result. To ensure compliance, AI agent manufacturers claiming zero adaptation of third-party apps also need to obtain authorization from third-party app companies Yang Zijiang said. Huang Yan said that the healthy development of promoting the use of mobile intelligent assistants relies on collaborative governance in areas such as technological updates, industry self-discipline, and improved supervision. On the one hand, enterprises should strengthen technological research and development, improve the legality and compliance of user data disposal processes, build more intelligent internal defense systems, monitor and intercept potential network attacks and data leakage risks in real time, and improve the security and privacy protection level of user data. On the other hand, functional departments should actively introduce relevant policies, increase legal regulation and supervision, clarify the relationship between mobile phone manufacturers, third-party large model companies App、 The responsibilities that cloud services and other parties should bear in terms of user data security and confidentiality, and to prevent and respond to privacy leakage risks caused by the use of smartphone assistants. (New Society)