Friday, January 15, 21:51
Home security Baidu Android applications collect user data

Baidu Android applications collect user data

Baidu Android applications

Two Android apps belonging to Chinese technology company Baidu have been removed from the official Google Play Store, as it was found that collect sensitive data users.

These applications are Baidu Maps and Baidu Search Box and removed when Google received a reference by the American security company Palo Alto Networks. These are two very popular applications with millions of downloads.

According to the security company, the two applications contained code designed to gather information about the user's phone model, MAC address, information of the carrier and the IMSI code (International Mobile Subscriber Identity).

Specifically the code was found in Baidu Push SDK, used to display notifications (in real time) in both applications.

Palo Alto Networks security researchers Stefan Achleitner and Chengcheng Xu were the ones who discovered the code that collects data. Some of the data collected is harmless, but there are others such as the IMSI code that “can be used for tracking and tracking a user, even if this o user uses a different phone".

In fact, the Google does not prohibit Android applications from collecting user data. However, the team security of the Play Store reviewed the Palo Alto Networks report, confirmed its findings and "identified [additional] breaches" in the two Baidu applications. For this reason, they were removed from the Play Store at the end of October.

The Baidu Search Box app is back in the Play Store, but Palo Alto Networks said that Baidu developers have removed the collection code data.

data

However, security researchers have noticed that it is not just the Baidu Push SDK that collects data users. They discovered another code in ShareSDK, created by the Chinese company MobTech.

This SDK is used in more than 37.500 applications, and according to the researchers, collects data such as phone model information, screen resolution, MAC addresses, Android ID, Advertising ID, carrier information and IMSI (International Mobile Subscriber Identity) and IMEI codes ( International Mobile Equipment Identity).

"Android resolution malware indicates that SDKs, such as the Baidu Push SDK or ShareSDK, are frequently used in malicious applications for exporting and transferring device dataSaid Achleitner and Xu, stressing that the two SDKs have been developed for lawful purposes (eg promoting notifications and sharing content on social media), but are often used by malicious developers.

Source: ZDNet

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Android: How to see which apps have access to your site

It's no secret that smartphone apps have access to many permissions - if you let them. It is important to make sure ...

Canon lets you take pictures from space

Instead of releasing new cameras for CES 2021, Canon is doing something different: It lets you take pictures from space ....

Wikipedia vs Big tech: Who fights misinformation?

As Election Day turned into US Election Week, Facebook, Twitter and YouTube were trying to prevent ...
00:02:36

Tesla: It is called to recall cars due to problematic screens

The touch screen in some Tesla cars seems to have a problem, which could ...

Ransomware is responsible for half of all data breaches in hospitals

Almost half of the data breaches committed in hospitals and the wider healthcare sector are due to ransomware attacks, ...

Astronomers have just found the oldest oversized black hole

A quasar was discovered in a dark corner of space - over 13,03 billion light-years away - and contains a ...

What are the best and most affordable 5G phones for 2021

The market will soon be flooded with mid-range 5G devices. Everything that happens will be really exciting: you will be able to ...

Verified Twitter accounts in a cryptocurrency scam with the name of Elon Musk violated!

Lately, hackers have been violating verified Twitter accounts in a cryptocurrency giveaway scam, in which the name of the CEO is used ...

Classiscam: Fraudsters "fake" brands and deceive users of European markets!

Dozens of criminal gangs publish fake ads in popular online markets, to attract unsuspecting users to "fraudulent" commercial sites or phishing ...

iOS 14.4: Displays a notification for repairs with non-genuine cameras

Starting with the iPhone 11, Apple has added a notification to iOS that tells the user when the device has a ...