Security News > 2020 > November > China's Baidu Android Apps Caught Collecting Sensitive User Data

China's Baidu Android Apps Caught Collecting Sensitive User Data
2020-11-25 22:57

Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details.

The two apps in question-Baidu Maps and Baidu Search Box-were found to collect device identifiers, such as the International Mobile Subscriber Identity number or MAC address, without users' knowledge, thus making them potentially trackable online.

Its vector detection ratio - the ratio of unwanted apps installed through that vector overall apps installed through that vector - was found to be only 0.6% when compared to alternative third-party app stores.

"Thus, the Play market defenses against unwanted apps work, but still significant amounts of unwanted apps are able to bypass them, making it the main distribution vector for unwanted apps," the researchers said.

"Disallowing permissions can often result in a non-working application, which leads to a bad user experience and might tempt a user to click on 'allow' just to be able to use an application. Even if a certain permission is granted, it is often up to the app developers whether it is used in accordance with the official guidelines."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/BtFAavfeXd8/baidus-android-apps-caught-collecting.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Baidu 11 0 6 6 2 14