Security News > 2020 > November > Google binned two apps by China’s Baidu, which says researchers got it wrong by linking it to personal info leaks
UPDATED Infosec researchers at Palo Alto Networks' Unit 42 threat intelligence unit spotted a pair of prominent Chinese apps leaking personal data, and after it informed Google the ad giant dumped the apps from its Play store.
Baidu says the personal information was only used to enable push functionality and that the privacy agreement in its apps disclosed that use.
Baidu also got an email from Palo Alto and appears to have acted because a new and sniffer-free version of Search Box debuted on Google Play on November 19th. Baidu Maps is yet to return.
Palo Alto detected Baidu's misbehaving apps with a malware scanner, which speaks volumes about the Baidu apps' behaviour.
UPDATED: 04:00 GMT November 25th. Baidu has contacted The Register and said the reason the apps were removed from the Play Store was "One of our APKs has prominent disclosure but the disclosure is not adequate."
News URL
https://go.theregister.com/feed/www.theregister.com/2020/11/25/palo_alto_detects_leaking_baidu_apps/
Related news
- Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (source)
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool (source)
- Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps (source)
- Data Leak Exposes TopSec's Role in China’s Censorship-as-a-Service Operations (source)