The inability of Doubao Phone Assistant to "log in" to WeChat: With the rise of edge AI, how to protect user data privacy

Will Doubao Phone Assistant's automation trigger a forced logout of WeChat accounts?

On December 3rd, reporters from The Paper learned that multiple netizens expressed on social media that users operating tasks with Doubao Phone Assistant on the Nubia M153 encountered issues where WeChat would crash or even fail to log in.

Several users of Doubao Phone confirmed the authenticity of this news to reporters.

Reporters found that the engineering version of the Doubao Assistant preview can currently use WeChat normally, but the phone operation function of Doubao Assistant no longer supports operating WeChat.

In response, a WeChat representative told reporters from The Paper: "There are no special actions; it may have triggered existing security risk control measures."

It is noteworthy that despite its recent release, the public discourse surrounding Doubao Phone has been rising sharply. Many services of AI phones require access to users' private information to function, and how to protect user privacy remains a gray area for AI phones.

Previously, on December 1st, the Doubao team from ByteDance released the technical preview of Doubao Phone Assistant, which is an AI assistant software developed in collaboration with phone manufacturers at the operating system level based on the Doubao APP. It was officially announced to first land on the Nubia M153, a phone brand under ZTE, also known as "Doubao Phone," which once sparked a wave of price hikes for acquisitions.

The deepening of edge AI and collaboration with phone manufacturers is an important trend in the industry. According to an analysis by CITIC Securities, the cooperation between ZTE and Doubao marks a new stage of ecological synergy between consumer electronics manufacturers and internet giants. It is expected that by 2026, the global penetration rate of AI phones will exceed 35%. Huachuang Securities pointed out that the deep integration of Doubao's large model as a system-level capability will significantly broaden the application boundaries of AI models and promote the implementation of AI functions in more scenarios.

In terms of functionality, Doubao Phone Assistant can automatically switch between multiple applications based on user commands, helping users complete tasks such as checking tickets, booking tickets, placing orders for goods, batch downloading files, and one-click querying logistics progress across multiple software. It can also automatically compare prices on e-commerce platforms and order takeout, but it has encountered challenges in using WeChat.

The data security issues of AI landing on mobile terminals remain a focal point of concern for all parties.

A technician from a technology company told reporters that tests on Nubia phones equipped with Doubao Phone Assistant found that Doubao has INJECT_EVENTS permissions, allowing applications to inject simulated user input events into the system. In Android's permission definitions, INJECT_EVENTS (injection permission/injection events) is classified as a high-risk permission of the operating system. Previously, hackers who broke through operating system restrictions to obtain this permission faced criminal responsibilities for intruding into computer systems.

"In other words, Doubao Phone Assistant is essentially set up as part of the operating system, rather than as an external third-party software," the technician told reporters from The Paper. "It is impossible to download a phone assistant with similar permissions from an app store and install it on any phone; it must be deeply bundled with the phone." "The technician stated.

Only AI assistants developed or authorized by mobile phone manufacturers can possess this cross-application operational capability. Third-party AI applications (such as ChatGPT) can only remain within the chat box, no matter how intelligent they are, as they lack this permission and cannot truly operate the phone. This also means that if relevant permissions are completely opened to ordinary apps, it may pose certain security risks.

Explanation of user privacy permissions provided by Doubao Assistant

In response, Doubao stated to The Paper that INJECT_EVENTS is indeed a system-level permission, and its technical implementation relies on Android system-level permissions, which have stricter usage restrictions. Only with this permission can related products simulate click events across screens and applications to fulfill user task requirements. Doubao mobile assistant does not engage in any hacking behavior and requires user authorization to operate the phone. The permissions used at the technical level are clearly disclosed in the permission list.

Industry insiders also indicated that INJECT_EVENTS is a commonly used system permission for mobile assistants, and native assistants from mobile manufacturers like Xiaomi's Xiao Ai and Honor's Yoyo also possess this permission.

However, the core permissions of the operating system and hardware access are critical to mobile manufacturers and are difficult to easily hand over to third-party large model manufacturers, including "super apps" on the phone.

According to the "Tencent WeChat Software License and Service Agreement," users are prohibited from using any third-party tools, scripts, bots, or other unofficial clients to manipulate WeChat accounts. The prohibited behaviors include: logging into or using this software and services through third-party software, plugins, cheats, or systems not developed or authorized by Tencent, performing automated operations, or creating, publishing, or disseminating the aforementioned tools and methods.

Currently, AI phones are still in a legally ambiguous area regarding the invocation of specific privacy data.

"As a super app, WeChat needs to take professional and prudent security risk control measures when dealing with other internet products and services," said Zhai Wei, executive director of the Competition Law Research Center at East China University of Political Science and Law, to The Paper. If there are concerns about security risks from other software, conclusive and sufficient evidence should be provided before taking corresponding legal and regulatory measures.

"Leading internet platform companies are the main practitioners and driving forces for the implementation of AI on mobile phones. These leading platform companies can actively promote the establishment of industry safety standards for AI on mobile phones under the guidance of regulatory authorities, avoiding obstacles to industry development due to inconsistent safety standards," Zhai Wei stated.

In the context of AI on mobile phones, leading enterprises should engage in fair competition in terms of products, services, and technology, and promote interoperability between their products and services as necessary, enhancing consumer convenience and smoothness, and advancing the construction of a unified large market in the online field Risk Warning and Disclaimer

The market has risks, and investment requires caution. This article does not constitute personal investment advice and does not take into account the specific investment goals, financial situation, or needs of individual users. Users should consider whether any opinions, views, or conclusions in this article are suitable for their specific circumstances. Investment based on this is at one's own risk