SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
25 Feb 2016

Thousands of apps running Baidu code collect and leak personal data

Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say.

The apps have been downloaded hundreds of millions of times. The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit.

Baidu's Windows browser was also affected, they said. The same researchers last year highlighted similar problems with unsecured personal data in Alibaba's UC Browser, another mobile browser widely used in the world's biggest Internet market. Alibaba fixed those vulnerabilities, and Baidu told it would be fixing the encryption holes in its kits, but would still collect data for commercial use, some of which it said it shares with third parties.

Baidu said it "only provides what data is lawfully requested by duly constituted law enforcement agencies." The unencrypted information that has been collected includes a user's location, search terms and website visits, JeffreyKnockel, chief researcher at Citizen Lab, told ahead of publication of the research on Wednesday. The problem highlights how difficult it is for users to know just what data their phone collects and transmits, and the risk that personal data might leak because of poor or no encryption. It also highlights how many different groups might be interested in accessing such data.

"It's either shoddy design or it's surveillance by design,"said Citizen Lab director Ron Deibert. Citizen Lab said Baidu - which reports quarterly earnings in New York on Thursday - had fixed some of the problems since it brought them to the company's attention in November, but the Android browser still sends sensitive data such as the device ID in an easily decryptable format. Baidu told its interest in the data was just commercial, but declined to say who else might have access.

Data security and privacy issues have been highlighted in the United States, where Apple is in a stand-off with the Federal Bureau of Investigation over requests to unlock an iPhone owned by one of those who went on a shooting rampage in San Bernardino, California in December. Citizen Lab said its research into Alibaba's UC Browser last year was prompted by documents from National Security Agency whistleblower Edward Snowden showing Western intelligence agencies had used holes in the browser to spy on users.

Alibaba said then there was no evidence that user data was taken, but it had addressed concerns by asking users to update their browsers. The researchers said it was not possible to assess how many users were affected by the Baidu problem, both in China and beyond. Some software developers in China say a lack of encryption is commonplace, and partly due to rapid growth and poor security awareness. "It's really, really painful, but it's a growing pain," said Andy Tian, CEO of Beijing-based app developer Asia Innovations.

Tags:
Baidu information leaks China
Source:
Reuters
2175
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015