In recent times, China has become a target of criticism from all around the world, be it over the coronavirus, China’s state-sponsored hacking or China’s concentration camps. As if that were not enough, it is back in the news once again. This time, it is Baidu’s Android apps that were caught stealing user data.
Baidu is a company that offers a search engine as well as a detailed map, which makes it in many ways the Chinese equivalent of Google. While Baidu’s influence is mainly within China itself, it has offered its applications on the Google Play Store for anyone to use, even if they don’t live in China.
The two apps —Baidu Maps and Baidu Search Box— were removed after Google received a report from US cyber-security firm Palo Alto Networks claiming that the two apps contained code that collected information about users.
As of writing, a compliant version of Baidu Search Box was restored to the Play Store on November 19, while Baidu Maps remains unavailable until the unresolved issues highlighted by Google are fixed.
A separate app named Homestyler was also found to collect private information from users’ Android devices.
According to Palo Alto Networks, the data collection code was found in the Baidu Push SDK, used to show real-time notifications inside both apps.
The Palo Alto researchers further mentioned that the data collected by the apps includes the phone model, screen resolution, phone MAC address, carrier (telecom provider), network type (Wi-Fi, 2G, 3G, 4G, 5G), Android ID, IMSI number and International Mobile Equipment Identity (IMEI) number.
While some of this information, such as screen resolution, is rather harmless, data such as the IMSI can be used to uniquely identify and track a user, even if that user switches to a different phone and takes the number with them. The IMEI is a unique identifier of the physical device and denotes information such as the manufacturing date and hardware specifications.
With the help of a machine learning (ML)-based spyware detection system, Unit 42 researchers identified multiple Android applications on Google Play that were leaking data, i.e. Baidu Search Box and Baidu Maps, which had been downloaded a combined 6 million times in the U.S.
In an email today, a Baidu spokesperson said that while the data collection behaviour at the centre of the initial Palo Alto Networks report triggered an investigation by Google’s team, that behaviour was not the reason the two apps were taken off the Play Store in the first place, as the Chinese company had obtained permission from users to collect this information.
Users should keep this in mind: many of the apps you might trust completely can be rather dangerous if you value the protection of data that others can use to learn everything about you.
At the end of the day, it’s important for users to be aware of the possibility of their data getting leaked, and to make sure they don’t blindly trust even the best apps out there.
This is a regular problem not only for the Android ecosystem but for the entire online app world, with many apps collecting sensitive user details without restriction in the absence of legislation that specifically prohibits such practices.