fbpx

Baidu collecting sensitive user data

Baidu apps

Two apps for Android developed by the Chinese tech company Baidu were reported back in October 2020 for gathering sensitive details about its users and have been consequently removed from the official Google Play Store.

Baidu2

The apps in question are Baidu Search Box and Baidu Maps – they were reported by researchers at the security company Palo Alto Networks, who have spotted data-collection code within those apps. The code was found in the Push SDK (Software Development Kit) which shows real time push notifications and is present in both of the apps.

The Baidu apps collected a wide variety of user-related data

Among the details collected by the Baidu apps are carrier information, brand and model of the device, IMSI number, and MAC address. According to the researchers at Palo Alto Networks who found the data-collecting code, the user details that get gathered are mostly harmless but some of the data, such as IMSI code, could potentially be used to track people even when they start using a new phone.

Although Google certainly doesn’t forbid collection of user data, there are restrictions on what and how much data could be collected by the apps uploaded to the store. According to the Palo Alto Networks research team, once they contacted Google with information about the data-collection code found in the Baidu apps, Google not only confirmed the finds but also detected additional violations which, for the time being, have not been specified. This has led to the eventual removal of the two Baidu apps from the Google Play Store.

Baidu1

The data collection behavior wasn’t the reason for removing the apps from the Play Store

A Baidu spokesperson came out with a statement on the 24th of November where they clarified that, while the report from Palo Alto Network caused Google to run an investigation, the reported data collection behavior was not the reason for the removal of the two apps from the Play Store. According to the Baidu spokesperson, the users of the reported Baidu apps had been informed about the data-collection behavior of the apps prior to installation and have given their permission for the latter. Regardless, the other problems and violations that Google detected within the apps during the investigation have been enough for the apps to be taken down from the Store. Baidu has stated that it is currently working towards fixing those problems so that the Baidu Maps and Baidu Search Box could be allowed into the Store again.

On the 26th of November, the Baidu Search Box app made its return to the Google Play Store and Baidu maps is set to also be restored to the Store once its devs have resolved the discovered violations in its code. The two apps had more than 6 million combined downloads before getting taken down from the Play Store.

blank

About the author

blank

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment