Online convenience may come at a high cost－your privacy

Following a fatal encounter involving a hailed driver earlier this month, companies are taking steps to protect millions of users

As more people enjoy the convenience of smartphone apps to hail a ride, order food or simply deliver a package, security risks remain that pose an increasing threat to personal information, property and even the safety of users.

A young flight attendant was killed, allegedly at the hands of her Didi driver earlier this month, thrusting the safety issue into the spotlight. Chinese ride-hailing behemoth Didi Chuxing confirmed the passenger was using Hitch, which allows people heading to the same destinations to take rides together. Didi claimed the suspect used the Didi account of his father, who has passed the safety measures required by Didi's Hitch business.

To prevent such tragedies from happening again and to boost its overall security, Didi said it will suspend the Hitch service "between 10 pm and 6 am every night."

A function that allows drivers and passengers to post comments about each other will also be taken down to avoid possible vulgar descriptions of women. Personal information and profile pictures of passengers and car-owners will be visible only to the individuals, Didi said in a statement.

Also, driver facial recognition will be made compulsory for every "hitch" trip to minimize the risk of unauthorized account use.

Chen Yinjiang, deputy secretary-general of the China Consumer Protection Law Society, said, "As the service provider, Didi needs to conduct safety checks on drivers and has the responsibility to take more measures to protect the lives and property of passengers, according to the consumer protection law."

He added, "Currently, many mobile phone apps have been fraught with issues such as seeking more permissions than required or collecting more information than what they really need, posing a significant new risk for users."

Chen cited China's new cyber security law, claiming that network operators, defined as owners and administrators of networks and network services providers, are required to collect end user personal data in a legal and proper manner.

The cyber security law came into effect in June 2017, paying more attention to the protection of personal information and individual privacy. According to the law, network product and service providers that collect users' information are required to inform and obtain consent from the users.

"The internet providers should increase the investment to protect personal privacy, establish effective internal management system, set up a department for personal information management and use more technologies to mitigate potential risks," Chen said.

China Internet Network Information Center warned that the country needs to be constantly vigilant, given that there were 772 million netizens by the end of 2017. Of them, 753 million, or 97.5 percent, access the internet from their mobile phones.

A joint report released in January by Chinese internet giant Tencent Holdings Ltd and the Data Center of China Internet showed that over 98 percent of Android apps had access to users' private information. Around 9 percent violated users' privacy.

And almost 82 percent of third-party iOS apps have access to private information and personal features on iPhones.

Having been accused of a variety of privacy and security issues in recent years, US-based ride-hailing giant Uber is now making changes to its app to safeguard passenger privacy and security. One step it will take is to stop storing precise location pick-ups and drop-offs in drivers' history logs.

According to an investigation by US news channel CNN, at least 103 Uber drivers have been accused of sexually assaulting or abusing passengers in the past four years in the United States.

In early April, Uber announced a complete redesign of the drivers' app, including a button in the app to connect passengers and the 911 emergency system. And it also announced it will run drivers' criminal background checks every year.

Zhang Jian, deputy secretary-general of the Cybersecurity Association of China, said at an early mobile safety summit forum in Beijing that both the government, enterprises and individual users should prepare better for potential security risks.

"The massive user base and the booming mobile internet can mean smartphones will pose major cyber security issues. There is a need for a better mechanism to manage and supervise the industry as well."

As part of its broader efforts to boost security, Didi said a "zero tolerance policy" will be implemented to ensure a proper driver-vehicle match for all of Didi's services. The company will ask every driver on Didi's platform to pass a facial recognition test at the start of every day they work.

Also, a separate report and reward program will be created to encourage all users to report mismatch cases.

The incident involving Didi also motivated other Chinese internet companies to beef up security protection of their users' personal information.

Meituan-Dianping, the country's largest on-demand service provider, said it will invest 100 million yuan ($15.8 million) to protect users' privacy this year.

The company has added a privacy protection function into its takeout system, which enables users to hide their personal information, including the mobile phone number, when ordering takeouts through its platform.

Both merchants and delivery drivers can only contact customers through a "virtual number" to prevent customers from privacy disclosure and nuisance calls.

Also, the platform can protect privacy of customers who give negative feedback to merchants or drivers, as the feedback will be anonymous and will only be displayed beginning three days after the comments were filed.

Covering a wide range of business, from takeout to ride-hailing, Meituan-Dianping is the country's largest group-buying and dining information platform. More than 320 million active users and over 4 million merchants use its platforms.

"We think that privacy protection is a very important part of corporate social responsibility, and that's why we plan to invest 100 million (yuan) in privacy protection," Wang Xing, chief executive of Meituan-Dianping, said in a news briefing.

The Beijing-based company said it has scrambled to establish a well-rounded data and privacy-protection system, including access control, intrusion detection, virus protection and vulnerability detection to protect both products and data.

The company also recently established the Meituan-Dianping Security Response Center. The center encourages people to be whistleblowers regarding behaviors that violate rules or regulations by anyone on the platform.

By giving incentives to customers who provide with clues on irregular outside behaviors related to the platform, including underground data exchanges, the platform hopes to join forces with the online community in protecting privacy.

Xiang Ligang, chief executive of telecom industry website Cctime, said internet companies have to work hard to ensure that users can get great experience from their products without putting privacy at risk.

"More efforts are needed to strike a balance between a convenient user experience and strict privacy protection. That's the key to ensuring long-term development," Xiang said.

He said companies need to make more elaborate explanations about their privacy policies so consumers can understand when and how their information is stored and processed, as well as what they can do when their privacy is compromised.

Most apps' default features, for instance, allow internet companies to access users' location information all the time. But that is unnecessary, since users' location should only be available when apps must access such information, to prevent possible misuse, Xiang said.