小鴨幹線-私隱和安全 (User Privacy and Security)

私隱和安全

在下文,

「指定伺服器」指 (1) 由HKJunkCall.com指定、任何用於包括供用戶上載報告,或撿查或下載資料庫的器材,及 (2) 由作者控制、用於和上述(1)同樣用途、或亦用於與本程式通訊,以提供包括接收用戶提交資料或下載供程式運作用途的更新運作資料等功能的的器材;及

「用戶ID」指一個在電話上初次安裝本程式時,由程式產生的ID。產生該ID時,並無使用任何電話裝置或SIM咭上的獨一辨識碼,因此該ID並沒有
包含任何訊息,可籍以透露用戶身份、或配對用戶在其他程式(以至本程式重新安裝後)於同一裝置上所進行的活動。

當你透過這個程式從伺服器下載資料或向其提交資料,一些與用戶相關的資料會提供予指定伺服器(見下文)。

透過這個程式存取指定伺服器,即代表你同意向指定伺服器及其操作方提供有關資料。

雖然這個程式要求一些可取得敏感資料的權限,如聯絡人和通話記錄,但這些都是為程式按用戶設定而能正常運作所需的。就作者所知,這個程式除以下列出的情況外,不會將任何與用戶相關的資料送到任何伺服器:

  1. 透過程式從指定伺服器檢查更新資料或要求下載資料時,指定伺服器能夠看到或儲存用戶裝置的IP地址和HTTP代理字串。
  2. 當您向指定伺服器回報電話資料(不論自動、即時或排期回報),上述(1)同樣適用,此外,你提供的資料(如電話號碼,及你輸入的資料)以及對辨識用戶沒有明顯作用的一般性的附助資料(如通話時間,響鈴時間),
    也會傳送至指定伺服器。
  3. 用戶ID會在與指定伺服器的部份通訊中上傳,供指定伺服器處理用途。

除上述之外,程式不會發送其可接觸到的任何其他資料到任何地方,包括但不限於你接到或打出的電話的詳情,聯絡人名單及通話記錄。本程式並沒有包含任何其他各方提供的非開源組件(如廣告商軟件庫或Google Play
Service組件)。按作者所知,程式所包括的組件也是“安全”的,不會向任何服務器報告資料,如廣告相關的追踪和分析資料,或你使用程式的情況/分析資料。

請注意,與HKJunkCall.com的部份通訊,是以沒有加密的方式發送,當你要求從程式中打開瀏覽器,以從HKJunkCall.com網頁搜索某電話號碼的資料、以及向HKJunkCall.com回報電話資料時,有關的要求以沒有加密的方式發送,不只是HKJunkCall.com,網絡路徑中間的各方也可記錄
或轉發有關的要求。此外,從程式中打開瀏覽器,網頁亦可將HTTP cookies儲存到瀏覽器。

在程式錯誤導致關閉的情況下,Android可能會顯示一個對話框,讓用戶選擇發送錯誤報告回到Google。這屬於電話上Google服務(而非本程式)的一部份。在這情況下,若用戶同意,報告將被發送到Google。而新版本Android亦預設會自動發送錯誤報告。

作者則只能得到當中由Google所允許提供的有限資料,即由用戶撰寫的訊息,程式關閉時的Stack Trace,設備型號及提交日期。其他資料,如用戶身份和詳細的電話日誌資料,將只由Google使用。

另外,如果你開啟了Google及其他供應商的任何備份服務,你的Android電話上的程式及數據,包括此程式和所有數據,均可能發送給Google或相關供應商,當中包括攔截電話的紀錄(電話號碼和日期/時間),向指定伺服器回報電話的歷史紀錄,和用戶創建的自訂名單(如黑名單)。此外,在經修改的Android上,其它由供應商提供的系統組件,及由用戶安裝的其他程式(特別是獲得root權限的程式,例如用以備份應用程式和數據的軟件)均可以取得本程式儲存的上述資料,或以其他方式追踪用戶如何使用本程式。所有這些情況,均是由另一方(在有或沒有用戶同意下)進行操作。作者絕對沒有控制權及任何責任。

User privacy and Security

In the following,

“the servers” refers to (1) any equipment designated by HKJunkCall.com for purposes including upload of user reports, and checking and download of database; and (2) any equipment controlled by the author for the same purposes as to (1) above, or otherwise communicate with the program to provide functions including receiving submissions by users or download of updated operation information for the operation of the program; and

“user ID” refers to an ID generated by this program upon your initial installation on a phone. The user ID is generated without using any
unique identifiers on the phone or SIM card, and therefore does not contain any identifiable information which could reveal your identity
or enable matching of your activities on other programs or re-installation of the program on the same phone.

This program will provide some user related information to the servers when you use it to access the services provided (see below). By accessing the servers using this program you agree to provide to the servers and their controlling parties the information as elaborated below.

While this program requests permissions to access sensitive information such as contacts and call logs, these are ONLY for the correct functioning of the program as directed by the user. To the best of the author\’s knowledge, this program does not report any user related information to any server, except under the following circumstances:

  1. When checking for information updates or downloading information from the servers using the program, the servers would be able to see and store your IP address and the HTTP-Agent string from your device.
  2. When you submit phone call reports to the servers (whether such reports are sent automatically, immediately or under schedule), besides (1) above, the information you specified (i.e. phone number, and details you entered) together with general metadata which would not have significant use for identification of the user (e.g. call time, ring time) will also be send to the servers.
  3. The user ID is sent in some communications with the servers for processing purposes of the servers.

Besides the above, the program will not send any other information it has access to, including but not limited to details of your incoming or outgoing calls, contacts or call logs to any parties. The program does not include any component from other parties which are not open-sourced (such as advertisement libraries or google play services). To the best of the author’s knowledge, the components included in the program are “safe”, and would not report information such as ad-related tracking or profiling information or your usage / analytics information to any server.

Please note that some communication with HKJunkCall.com is done on unsecured plain text. When open a browser from the program to search for information about a phone number from HKJunkCall.com, or submit phone call reports to HKJunkCall.com, besides HKJunkCall.com, the request may be relayed or recorded by any intermediate parties on your Internet route to HKJunkCall.com. In addition, HTTP cookies might be stored on your browser when you open a browser to browse web pages.

In case the app crashes, Android may display a dialog allowing the user to send a bug report back to Google. This is from Google services on the device, rather than the program. In such cases crash reports will be sent to Google upon user consent. In newer versions of Android, such reports will be automatically sent by default.

The author will have limited access to the crash information as allowed
by Google, i.e. the user submitted message, the stack trace, device model and date. Other information, such as user identity and the detailed log, will only be available to Google.

Also, if you use any backup service provided by Google or other vendors to backup your Android program and data, this program and all its data may be send to Google or the vendor – including, among others, history of phone calls blocked by the application with phone number and date / time information, history of reporting of calls to the servers, and user-created lists (such as black lists).

Furthermore, other system components in a modified Android
system provided by vendors, or other apps that the user installed (especially when given root permission, e.g. applications to backup other apps and data), may also have access to such information stored by this app, or otherwise track user’s usage of this app. In all these cases, the operation is performed by another party (with or without the user’s consent). The author has absolutely no control nor responsibility for any consequences.