Experts caught Baidu Android apps for collecting user data

The apps Baidu Maps and Baidu Search Box, downloaded more than 6,000,000 times, were convicted of collecting user data and were removed from the Google Play Store last month.

According to the company, the data collection code was hidden by the Baidu Push SDK, which was used to display real-time notifications in both apps. The code collected information such as phone model, MAC address, carrier data, and an IMSI (International Mobile Subscriber Identity) number.

“Some of the information collected was ‘harmless’, but some data, such as the IMSI,” could be used to identify and track users, even if they switched to another phone”, – the researchers note.

We also wrote that Vulnerability in Android app GO SMS Pro leaks data exchanged between users.

Also, a report from Palo Alto Networks says that a similar code for data collection was found in the ShareSDK, developed by the Chinese giant MobTech.

Used by more than 37,500 apps, this SDK also allows app developers to collect information about phone model, screen resolution, MAC addresses, Android ID, advertising ID, carrier information, IMSI and IMEI.

“Android malware analysis shows that SDKs such as the Baidu Push SDK and ShareSDK are often used by malicious applications to retrieve data from devices”, — the researchers write.

As a reminder, third-party SDKs secretly collected data from Twitter and Facebook users.

While the collection of personal data is not explicitly prohibited by Google’s policy, after the experts reported the issue to Google, the Play Store security team confirmed their findings and also “identified [additional] unspecified violations” in both designated Baidu apps. As a result, the apps were removed from the official store on October 28, 2020.

As Baidu representatives now explain, not the data collection caused the apps to be removed from the Play Store (as the Chinese company received permission from users to collect this information). The problem was precisely that Google engineers had discovered other problems that Baidu was already working on to solve.

So, currently, the Baidu Search Box application has been restored to the Play Store. Baidu officials say Baidu Maps will be returning to the store soon.