Just send the command "Help me order a cup of coffee" to the phone, and the phone can recognize the user's brand and taste preferences based on time, location, behavior habits, and other information. Then, it can actively open the commonly used food delivery app, complete the order, fill in the delivery address, make payment and other operations, without the need for human operation throughout the process. Such convenient living scenarios have now become a reality. Recently, many mobile phone manufacturers have launched self-developed or integrated third-party intelligent agents, such as Super Love, Blue Heart Intelligence, Bixby, etc. With the support of large-scale models and artificial intelligence (AI) technology, these intelligent agents can become users' "personal assistants" and independently complete operations such as ordering coffee and sending WeChat red envelopes in groups. While enjoying the convenience brought by mobile smartphones, we should also be aware that this convenience is obtained through the transfer of personal privacy data Liu Huiyong, Director of the Department of Information Security and Associate Professor of Cyberspace Security at the School of Computer Science and Technology of Beijing University of Information Science and Technology, told reporters that when AI begins to "take over" mobile phones, the old problem of "exchanging privacy for convenience" reappears in new technology application scenarios. How to protect user privacy is an unavoidable issue for the healthy development of mobile intelligent agents. The barrier free function poses hidden risks. Through reviewing information released at multiple smartphone intelligent agent conferences, reporters found that such intelligent agents are mostly based on AI technology, integrating speech recognition, natural language processing, and multimodal perception capabilities. They have functions such as information query, AI writing, sketch to image transformation, video lock screen, etc., achieving a leap from basic Q&A to active service. Smartphones have become users' "personal assistants". Among them, a small number of mobile phone manufacturers have further improved the natural smoothness of human-computer interaction by incorporating localized end side models. The use of mobile intelligent agents is based on the collection and utilization of a large amount of data. To achieve AI screen reading and simulated clicking functions, users often need to enable accessibility features Associate Professor Li Ruiyuan from the School of Computer Science at Chongqing University said in an interview with reporters. He explained that accessibility is an exclusive feature created by the Android system for people with disabilities, including screen reading, enlarging the screen, automatic clicking, enhancing audio, changing subtitles and other convenient operations, aiming to enable people with disabilities to use smartphones like ordinary people. To achieve the "takeover" of mobile phones, mobile intelligent agents require user authorization to enable accessible service permissions, and then use AI screen reading functions to access all mobile applications and obtain, understand, and analyze screen interface elements like humans, including bank card information, special password keyboards, and chat records. In the end, the simulated human's fingers complete online shopping, transferring funds, downloading software, and other operations on the mobile phone. Liu Huiyong further stated that once users activate the accessibility feature, it is equivalent to installing a universal access card on their phone. When users use voice assistants, intelligent recommendations, and other functions, mobile intelligent agents can obtain privacy data such as geographic location, application usage frequency, WeChat messages, etc. without restrictions. Some mobile intelligent agents will automatically enable accessibility permissions and silently collect user privacy data without the user's knowledge. The contact list, SMS records, call records, and other information in mobile phones are all sensitive information. The operating system usually sets up permission protection mechanisms for it, and mobile applications need to be authorized by the user before they can be obtained Liu Huiyong said, however, the situation is different when users use their mobile smartphones to complete voice messaging, one click red packets, and other operations. This type of operation requires cross application bundling authorization, during which the operating system will open SMS or WeChat permissions to ensure the smooth implementation of related functions. The convenience and privacy risks of technology in safeguarding personal data security are a natural contradiction. The introduction of industry standards and laws and regulations often lags behind the application of technology. Liu Huiyong believes that currently, the data collected and used by mobile intelligent agents flows between multiple entities such as mobile terminal manufacturers, intelligent agent developers, and cloud service providers, and its ownership, use rights, and control rights are difficult to define. Once a data breach occurs, due to the long accountability chain, it is difficult to effectively trace the source. Liu Huiyong gave an example that some mobile smartphones with low security may use accessibility features to automatically send red envelopes in WeChat groups and induce others to click, transferring funds to illegal accounts and causing financial losses to users; Or selling the collected information to third-party companies, causing algorithmic discrimination, etc. Due to the lack of technical specifications and protective mechanisms, even if users suffer losses, it is difficult to recover them through effective means, "said Liu Huiyong. In this regard, Liu Huiyong suggests that mobile phone manufacturers and operating system platforms should continuously improve related technologies, enhance user data disposal processes, build more intelligent internal defense systems, and prevent hidden data abuse issues in the evolution of intelligent agent technology. In addition, Li Ruiyuan suggests that mobile phone manufacturers should provide smartphone intelligent applications that support end-to-end AI as much as possible. Although cloud side AI can provide more convenient services, user data needs to be frequently uploaded to the cloud, which poses a greater risk of privacy exposure. The end side AI supports data calculation and processing on terminal devices such as mobile phones, minimizing data transmission and providing a "more private" technological solution. Ren Longlong, a lecturer at the School of Civil and Commercial Law of Southwest University of Political Science and Law, said that the implementation of technology cannot be separated from the constraints of laws and regulations. Currently, laws such as the Civil Code of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, and the Personal Information Protection Law of the People's Republic of China, as well as regulations such as the Network Data Security Management Regulations that will come into effect on January 1, 2025, all regulate the use of emerging technologies such as data, personal information, and generative AI. However, as an emerging technology application, there are still some legal ambiguities in mobile intelligent agents. Ren Longlong suggested that functional departments should actively introduce relevant policies and increase regulatory efforts, by building a more refined legal rule system, refining data classification, clearly defining data resource ownership rights, data processing and use rights, data product operation rights, etc., to avoid privacy leakage incidents caused by malicious authorization. In the absence of comprehensive technology and regulations, users should enhance their awareness of security precautions Ren Longlong said that when using mobile intelligent agents, consumers should be cautious in enabling accessibility functions, disabling the intelligent agent's password free payment authorization function, regularly checking mobile privacy reports, and promptly detecting and handling abnormal behavior of the intelligent agent. (New Society)