Is WeChat frequently reading the photo albums of iOS 15 users?

WeChat is trending again. WeChat trending is nothing unusual: adding a "nudge" feature got it trending, and even a release note saying "fixed some known issues" got it trending. But WeChat trending for reading private information without telling users, that did surprise me.

I have talked with the WeChat team many times, and in my view they are a team that takes protecting user privacy very seriously, so I decided to find out how this came about.

What started it? A user turned on the new iOS 15 privacy feature "Record App Activity", monitored the privacy-related data behaviour of all apps for several days, and at the same time used App Privacy Insights to keep logs.

App Privacy Insights is a third-party app-privacy viewer for iOS. It aggregates the app activity data that iOS records and reports each app's access to privacy permissions.

The monitoring showed that WeChat, while not active, read the user's photo album in the background several times, each read lasting up to a minute. Why would WeChat read the user's album? To upload it to the cloud without the user's permission? Or to use it as material for a recommendation algorithm? Rather frightening to think about, isn't it?

This is no small matter, so WeChat quickly issued an official reply:

> iOS provides app developers with a standard capability for photo library update notifications: when the content of the photo library changes, the app is notified so that it can prepare in advance, and this preparation by the app is recorded as reading the system photo library.
>
> On the premise that the user has authorized WeChat to read the system photo library, WeChat uses this system capability so that users can send pictures quickly when they tap the plus button in a WeChat chat, making sending pictures faster and smoother. All of the above is done only locally on the phone. In the latest version we will stop using this system capability and optimize the quick-send feature.

Is that a reasonable explanation? Or was WeChat quietly reading pictures in the background and then deflecting once it was caught? Or is this simply a consequence of how iOS works? I carefully read the iOS API documentation, namely this page:

https://developer.apple.com/documentation/photokit/phphotolibrary/observing_changes_in_the_photo_library/

It covers Observing Changes in the Photo Library: you register an observer and receive notifications of photo library changes, which is simply the observer pattern. WeChat presumably used this pattern to implement its "quick send" feature, which produced what the developer observed.

Put simply, what is trending is related to WeChat's "quick send" feature. To make that feature work better, WeChat needs to observe updates to the photo library, so it registered this "observer" to pre-observe album updates, and that behaviour was recorded as the app actively reading the album.

My iOS and WeChat are both the latest versions. I watched my phone's traffic for a long time with network monitoring software and did not find photos being sent to the cloud by WeChat-related threads. In fact, if WeChat suddenly uploaded my 130-plus GB of photos to their cloud, think how much traffic and power that would consume. None of these anomalies occurred.

So what exactly is this "quick send" feature? We all use it regularly.

If you have just taken a screenshot or finished editing a picture, then the first time you enter a WeChat chat and tap the "+" on the right, the picture you probably want to send appears in the lower right, just above the plus button.

[Image: https://static001.geekbang.org/infoq/8b/8b67fba613e338e3dec3844c85335df2.jpeg]

That is the feature: it saves the user a few steps in sending the photo they most likely want to send.

Then why does WeChat access the album many times, even at night? That is the work of that registration interface:

The PHPhotoLibraryChangeObserver protocol lets us learn about changes to the photo library through the observer pattern. Based on this protocol, a developer can use PHPhotoLibrary's registerChangeObserver method to register an object as an observer and receive photo change messages at any time.

iOS provides this photo library update notification so that the app is notified when photo content is updated and can identify what changed, thereby implementing features that would otherwise require scanning the entire album.

The key point is that in iOS 15 this observe-notify behaviour is identified as reading the photo library, as if the app were scanning the album all the time. In other words, the new iOS 15 privacy feature "Record App Activity" records the behaviour of iOS's own API as reading the album.

This is quite possibly an iOS bug, or, put another way, iOS no longer recommends that developers use this observer interface.

As far as I know, quite a few apps with nationwide user bases use this interface.

Why would WeChat access the album many times, including at night? That has to do with iOS scheduling. iOS is the housekeeper: during system idle time it sends WeChat instructions reminding it to do some preparatory work. This background wake-up mechanism is called background fetch; the system decides when to wake the app, and the app cannot control it. Such instructions are generally more likely to arrive when the CPU is idle.

WeChat's quick-send feature is really just preparation: when you want to send your newest photo, it has it ready for you, saving you from opening the photo library and choosing. If the picture you want to send is not the one the system picked, then choose it yourself.

It is that simple. However, now that the iOS 15 privacy feature records this interface's behaviour this way, the major vendors will probably stop using it. In the end, either iOS changes, or apps implement the pre-observation feature some other way.

In my mind, iOS and WeChat are about the two most privacy-conscious products, and also the ones I use most.

That's it. Go wash up and sleep. Tomorrow is the weekend again.
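The measurement described at the start of the article (background photo reads, some close to a minute long) can be reproduced from an exported "Record App Activity" file. The following is an added example, not part of the original post or of any tool it mentions: it assumes the export is NDJSON with `accessor.identifier`, `category`, `kind` and `timeStamp` fields, and the bundle IDs, records and thresholds are constructed.

```python
import json
from datetime import datetime

# Constructed sample export (one JSON object per line); not real device data.
# Field names are an assumption about the iOS app-activity export layout.
SAMPLE = """\
{"accessor":{"identifier":"com.example.chat","identifierType":"bundleID"},"category":"photos","identifier":"A1","kind":"intervalBegin","timeStamp":"2021-10-08T02:13:05.120+08:00","type":"access"}
{"accessor":{"identifier":"com.example.chat","identifierType":"bundleID"},"category":"photos","identifier":"A1","kind":"intervalEnd","timeStamp":"2021-10-08T02:14:03.480+08:00","type":"access"}
{"accessor":{"identifier":"com.example.maps","identifierType":"bundleID"},"category":"location","identifier":"B7","kind":"intervalBegin","timeStamp":"2021-10-08T09:00:00.000+08:00","type":"access"}
{"domain":"cdn.example.net","bundleID":"com.example.chat","type":"networkActivity","timeStamp":"2021-10-08T09:01:00.000+08:00"}
{"accessor":{"identifier":"com.example.chat","identifierType":"bundleID"},"category":"photos","identifier":"C3","kind":"intervalBegin","timeStamp":"2021-10-08T13:30:00.000+08:00","type":"access"}
{"accessor":{"identifier":"com.example.chat","identifierType":"bundleID"},"category":"photos","identifier":"C3","kind":"intervalEnd","timeStamp":"2021-10-08T13:30:02.500+08:00","type":"access"}
{"accessor":{"identifier":"com.example.chat","identifierType":"bundleID"},"category":"photos","identifier":"D9","kind":"intervalBegin","timeStamp":"2021-10-08T23:50:00.000+08:00","type":"access"}
"""

def photo_access_intervals(ndjson_text, category="photos"):
    """Pair intervalBegin/intervalEnd records; return (app, start, seconds) tuples."""
    open_intervals = {}   # interval identifier -> (app, start time)
    results = []
    for line in ndjson_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate a truncated trailing line
        if rec.get("type") != "access" or rec.get("category") != category:
            continue
        app = rec.get("accessor", {}).get("identifier", "unknown")
        when = datetime.fromisoformat(rec["timeStamp"])
        key = rec.get("identifier")
        if rec.get("kind") == "intervalBegin":
            open_intervals[key] = (app, when)
        elif rec.get("kind") == "intervalEnd" and key in open_intervals:
            started_app, start = open_intervals.pop(key)
            results.append((started_app, start, (when - start).total_seconds()))
    # Intervals that never closed are reported with duration None.
    results += [(a, s, None) for a, s in open_intervals.values()]
    return sorted(results, key=lambda r: r[1])

def long_or_night_reads(intervals, min_seconds=30, night=(0, 6)):
    """Flag accesses lasting at least min_seconds or starting in the night window."""
    return [r for r in intervals
            if (r[2] is not None and r[2] >= min_seconds) or night[0] <= r[1].hour < night[1]]

if __name__ == "__main__":
    for app, start, secs in long_or_night_reads(photo_access_intervals(SAMPLE)):
        print(app, start.isoformat(), secs)
```

A flagged interval only shows that iOS recorded a photo-library access; as the article argues, it does not by itself show what was read or that anything left the device.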