UPDATED 06:00 EST / NOVEMBER 24 2020

SECURITY

Android apps from Chinese internet giant Baidu found to leak sensitive data

New research from Palo Alto Networks Inc.’s Unit 42 has detailed how Android apps from Chinese internet giant Baidu Inc. listed on Google Play were leaking sensitive data.

The apps, including Baidu Search Box and Baidu Maps, which have been downloaded in the U.S. more than 6 million times, were found to make users trackable by leaking data from a user’s device. The data leaked by the applications included phone data, screen resolution, the phone’s MAC address, carrier, network, Android ID, International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI).

Although the research noted that information such as screen resolution is harmless, the IMSI can be used to identify and track a user uniquely even if the user switches to a different phone. The IMEI is a unique identifier linked to the physical device that could also be used to track a user as long as they continued to use the same phone.

“The IMSI uniquely identifies a subscriber to a cellular network and is typically associated with a phone’s SIM card, which can be transferred between devices,” the research explained. “Both identifiers can be used to track and locate users within a cellular network.”

“Android applications that collect data, such as the IMSI, are able to track users over the lifetime of multiple devices,” the research added. “For example, if a user switches their SIM card to a new phone and installs an application that previously collected and transmitted the IMSI number, the app developer is able to uniquely identify that user.”

Unit 42 contacted Baidu but had received no response as of the time of writing. Google’s Android team was also contacted and not only confirmed the findings but identified additional violations. As a consequence, the applications were removed from Google Play on Oct. 28. A compliant version of Baidu Search Box returned to Google Play on Nov. 19, but Baidu Maps remains unavailable.

“Data leakage from Android applications and SDKs represents a serious violation of users’ privacy,” the research concluded. “Detection of such behavior is vital in order to protect the privacy rights of mobile users.”
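To illustrate the detection point above, here is an added Python example (not code from Unit 42 or from the article) that flags device identifiers in captured outbound request bodies. The hosts, parameter names and values are constructed, and it assumes form-encoded bodies; it relies on the fact that an IMEI ends in a Luhn check digit while an IMSI carries none.

```python
import re
from urllib.parse import parse_qsl

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")
DIGITS15_RE = re.compile(r"[0-9]{15}")
HEX16_RE = re.compile(r"[0-9a-f]{16}")  # Android ID: 64-bit value as hex

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Label a parameter value by the identifier format it matches, if any."""
    if MAC_RE.fullmatch(value):
        return "mac"
    if DIGITS15_RE.fullmatch(value):
        # About 1 in 10 IMSIs also pass Luhn by chance, hence "candidate".
        return "imei-candidate" if luhn_ok(value) else "imsi-candidate"
    if HEX16_RE.fullmatch(value):
        return "android-id-candidate"
    return None

def scan(requests):
    """Return (host, parameter, kind) for every identifier-shaped value."""
    findings = []
    for host, body in requests:
        for key, value in parse_qsl(body, keep_blank_values=True):
            kind = classify(value)
            if kind:
                findings.append((host, key, kind))
    return findings

# Constructed sample traffic: hypothetical hosts, keys and identifier values.
SAMPLE_REQUESTS = [
    ("telemetry.example.com", "res=1080x2340&did=490154203237518&net=wifi"),
    ("telemetry.example.com", "sub=310150123456789&mac=02:00:5e:10:00:01"),
    ("telemetry.example.com", "aid=9774d56d682e549c"),
    ("cdn.example.com", "ts=1606212000&v=15"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

Harmless fields such as screen resolution pass through unflagged, while values shaped like an IMEI, IMSI, MAC address or Android ID are reported with the host that received them.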
