Baidu's Android Apps Caught Collecting Sensitive User Details

Two Android applications belonging to Chinese tech giant Baidu were removed from the official Google Play Store at the end of October after they were caught collecting sensitive user details. From a report: The two apps -- Baidu Maps and Baidu Search Box -- were removed after Google received a report from US cyber-security firm Palo Alto Networks. Both apps had more than 6 million downloads combined before being removed. According to the US security firm, the two apps contained code that collected information about each user's phone model, MAC address, carrier information, and IMSI (International Mobile Subscriber Identity) number. The data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps. Palo Alto Networks security researchers Stefan Achleitner and Chengcheng Xu, who identified the data collection code, said that while some of the collected information is "rather harmless," some data like the IMSI code "can be used to uniquely identify and track a user, even if that user switches to a different phone." The research team said that while the collection of personal user details is not specifically forbidden by Google's policy for Android apps after they reported the issue to Google, the Play Store security team confirmed their findings and "identified [additional] unspecified violations" in the two Baidu apps, which eventually led to the two apps being removed from the official store on October 28.

Read more of this story at Slashdot.

from Slashdot https://ift.tt/33e5qyT

Share on FacebookPlus on Google+

SUBSCRIBE TO OUR NEWSLETTER