Baidu’s Android Apps Caught Leaking Sensitive User Data

Home/Data Breach, Mobile Security/Baidu’s Android Apps Caught Leaking Sensitive User Data

Baidu’s Android Apps Caught Leaking Sensitive User Data

Two popular Android apps from Chinese tech giant Baidu caught collecting sensitive user details.

Baidu Android Apps:

In October, Two popular Android apps from Chinese tech giant Baidu, one of China’s largest technology companies, were removed from the Google Play Store.

Now, The two apps in question—Baidu Maps and Baidu Search Box—were found to collect user details and without users’ knowledge, thus making them potentially trackable online.

According to Palo Alto researchers, the full list of data collected by the apps include:

  • Phone model
  • Screen resolution
  • Phone MAC address
  • Carrier (Telecom Provider)
  • Network (Wi-Fi, 2G, 3G, 4G, 5G)
  • Android ID
  • IMSI number
  • International Mobile Equipment Identity (IMEI) number

A separate app named Homestyler was also found to collect private information from users’ Android devices.

Using a machine learning-based algorithm the Palo Alto Networks team traced the data leak to the Baidu Push SDK, also said they also identified a similar data collection code in the ShareSDK developed by Chinese ad tech giant MobTech.

Security Advisories:

The Palo Alto research team said that while the collection of personal user details was not specifically forbidden by Google’s policy for Android apps.

However, after reporting the issue to Google, the Play Store security team confirmed their findings and “identified [additional] unspecified violations” in the two Baidu apps.

NortonLifeLock found the Play Store to be the primary source of malware installs (about 67.5%) on Android devices, in its recent study.

Play Store Security Measures:

Google took steps to secure the Play store and stop the malicious activity, bad actors are still finding ways to infiltrate the app marketplace and leverage the platform for their gain.

Play market defenses against unwanted apps work, but still, significant amounts of unwanted apps are able to bypass them, making it the main distribution vector for unwanted apps.

In conclusion, researchers suggests security steps for the Android users to be followed:

  • Permissions – Take a minute to think about whether or not it really needs that access ( including access to your camera, files, location, etc).

Does a weather app need to access your microphone? Nope. Does a wallpaper app need to access your storage? Nope. That’s a sign the app is likely a scam.

  • Downloading Applications – Educate yourself on the signs of scam apps and then share that info with your kids.
By | 2020-11-25T18:33:02+05:30 November 25th, 2020|Data Breach, Mobile Security|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!