These applications are Baidu Maps and Baidu Search Box and removed when Google received a reference by the American security company Palo Alto Networks. These are two very popular applications with millions of downloads.
According to the security company, the two applications contained code designed to gather information about the user's phone model, MAC address, information of the carrier and the IMSI code (International Mobile Subscriber Identity).
Specifically the code was found in Baidu Push SDK, used to display notifications (in real time) in both applications.
Palo Alto Networks security researchers Stefan Achleitner and Chengcheng Xu were the ones who discovered the code that collects data. Some of the data collected is harmless, but there are others such as the IMSI code that “can be used for tracking and tracking a user, even if this o user uses a different phone".
In fact, the Google does not prohibit Android applications from collecting user data. However, the team security of the Play Store reviewed the Palo Alto Networks report, confirmed its findings and "identified [additional] breaches" in the two Baidu applications. For this reason, they were removed from the Play Store at the end of October.
The Baidu Search Box app is back in the Play Store, but Palo Alto Networks said that Baidu developers have removed the collection code data.
However, security researchers have noticed that it is not just the Baidu Push SDK that collects data users. They discovered another code in ShareSDK, created by the Chinese company MobTech.
This SDK is used in more than 37.500 applications, and according to the researchers, collects data such as phone model information, screen resolution, MAC addresses, Android ID, Advertising ID, carrier information and IMSI (International Mobile Subscriber Identity) and IMEI codes ( International Mobile Equipment Identity).
"Android resolution malware indicates that SDKs, such as the Baidu Push SDK or ShareSDK, are frequently used in malicious applications for exporting and transferring device dataSaid Achleitner and Xu, stressing that the two SDKs have been developed for lawful purposes (eg promoting notifications and sharing content on social media), but are often used by malicious developers.