Min menu


Baidu collects sensitive user data



 In October, Google removed two popular Android apps from the Google Play Store because of the collection of sensitive user data.

The two applications — Baidu Maps and Baidu Search Box from Chinese technology giant Baidu — combine device ids without users' knowledge, making them internet-trackable.

The network security company Palo Alto Networks found out and reported its findings to Baidu and Google.

This prompted Google to remove Baidu Maps and Baidu Search Box on October 28, citing unspecified violations.

On November 19, Google reinstated the conditional Baidu Search Box app to the Google Play Store, while Baidu Maps remains unavailable until unresolved issues are fixed, highlighted by Google.

A separate app called Homestyler was also found collecting sensitive user data from Android devices.

According to Palo Alto Networks researchers, the full list of data collected by the applications includes:

  • Phone model.
  • Screen resolution
  • Telecommunications company.
  • Network (Wi-Fi, 2G, 3G, 4G, 5G).
  • Android ID.
  • IMSI.
  • IMEI.
  • MAC address.

Palo Alto Networks used a machine learning algorithm designed to detect abnormal spyware traffic.

It found that the leak was linked to Baidu's PushSDK software development tools and ShareSDK software development tools from the Chinese company MobTech, supporting some 37,500 applications, including more than 40 social media platforms.

 Bad actors are still finding ways to infiltrate the app market and take advantage of the platform to make gains, even though Google has taken steps to secure its app store and stop malicious activity.

An academic study published by researchers from NortonLifeLock earlier this month found that Google Store is the main source of malware stabilization (about 67.5 percent) within Android devices.

The study was based on an analysis of application installations within 12 million devices between June and September 2019, in part because of the platform's wide popularity.

The researchers said: Google Store's defenses work against unwanted applications, but there are still large amounts of unwanted applications capable of overcoming them, making the platform a major vector for the distribution of unwanted applications.