What are the security risks of users' online transaction verification codes being stolen by SDK?

According to the Basic Specification for Collecting Personal Information by Mobile Internet Application (App) and the Identification Method for Illegal Collection and Use of Personal Information by App, technicians have tested more than 50 pieces of mobile phone software, which contain SDK plug-ins of Shanghai Keruixin Information Technology Co., Ltd. and Beijing Cai Zhao Wangwang Information Technology Co., Ltd. respectively. Without the user's knowledge, The suspicion of secretly stealing users' privacy involves more than 50 kinds of mobile phone software, such as Gome Easy Card, remote control, the strongest flashlight, all-around remote control, 9 1 speed purchase, daily recycling, flash delivery, radish mall, Zijin Pratt & Whitney and so on.

Inspector: It will read the IMEI, IMSI, operator information, telephone number, short message record, address book, application installation list and sensor information of this device, which belong to the user's privacy, and it will read it.

The SDK in these apps is only the first step to read user privacy information. After reading, the data will be quietly transferred to the designated server for storage. In addition to personal privacy such as phone number and address book, the SDK of Beijing Cai Zhao Want Want Information Technology Co., Ltd. is even suspected of stealing more private information from users through various software such as recipes, parents' help and dynamic wallpaper.

Testers: will collect the user's contact information, SMS, location, equipment information, etc. Without the user's consent. Especially short messages, the content is gone, very serious. This is the real SMS record that exists in my mobile phone. Who is its downlink number and what is its short message content can be clearly seen. In addition, although SDK is just a seemingly ordinary plug-in, because it is common to all mobile apps, many mobile phone softwares may be embedded in the same SDK, so once an SDK steals users' personal privacy, it will involve many mobile phone softwares. ?

?