Baidu for Windows and Android, leak Sensitive Data and GPS Coordinates

Status
Not open for further replies.
I

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Full Report by Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser - The Citizen Lab

Thousands of apps running Baidu code collect, leak personal data - research

"Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say.

The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said.

The unencrypted information that has been collected includes a user's location, search terms and website visits, JeffreyKnockel, chief researcher at Citizen Lab, told Reuters ahead of publication of the research on Wednesday.

The problem highlights how difficult it is for users to know just what data their phone collects and transmits, and the risk that personal data might leak because of poor or no encryption. It also highlights how many different groups might be interested in accessing such data.

"It's either shoddy design or it's surveillance by design,"said Citizen Lab director Ron Deibert.

Citizen Lab said Baidu - which reports quarterly earnings in New York on Thursday - had fixed some of the problems since it brought them to the company's attention in November, but the Android browser still sends sensitive data such as the device ID in an easily decryptable format.

Baidu told Reuters its interest in the data was just commercial, but declined to say who else might have access."

News Source: Thousands of apps running Baidu code collect, leak personal data - research
 
  • Like
Reactions: jamescv7, Blackhawk, Jack and 7 others
Rishi

Rishi

Level 19
Verified
Honorary Member
Top Poster
Well-known
Dec 3, 2015
938
Everybody does this, some more some less, but users must be given a control on what they are willing to share and when or at least informed about it, and that data too should be encrypted properly unless it's as the article says - surveillance by design.Statistical data for commercial needs is understood(if you like the company you help it) but making it easy for any prying eyes is questionable.
 
  • Like
Reactions: russ0408, CySecy825, kev216 and 2 others
kev216

kev216

Level 21
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 6, 2014
1,044
Rishi said:
Everybody does this, some more some less, but users must be given a control on what they are willing to share and when or at least informed about it, and that data too should be encrypted properly unless it's as the article says - surveillance by design.Statistical data for commercial needs is understood(if you like the company you help it) but making it easy for any prying eyes is questionable.
Click to expand...
That's true, I can live with the fact that they do gather some statistical information, and lot's of companies does this. There is no problem with it as long as you say cleary that your company is only doing it for the improvements for the products. And that not everyone can look into these detailed information packages that easy.


Huracan said:
Baidu told Reuters its interest in the data was just commercial, but declined to say who else might have access."
Click to expand...

But instead of saying it's only for that purpose, they don't even confirm that nobody else has acces to the information. That says it all. And with that in mind they don't deserve the benefin of the doubt imho.
 
  • Like
Reactions: russ0408, CySecy825, safe1st and 1 other person
Blackhawk

Blackhawk

Level 3
Verified
Jun 11, 2014
149
Just another reason to stay away from Baidu, Qihoo, and ALL Chinese software. I am sorry, but those are my feelings. I would never buy into the notion that they are using any data collection to help improve their products.
 
  • Like
Reactions: kev216 and CySecy825
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Too bad, because of the fallacy called 'Argumentum Ad Homenem' even though Baidu suffered on the critical leak however its already been pin point other products especially the location based.

Yes there numerous reasons not to use their product considering their massive collecting of information for statistics but better not to mentioned a lot of reputable Chinese products.
 
  • Like
Reactions: Rishi
Status
Not open for further replies.

Similar threads

enaph
    • Like
    • Applause
    • Wow
Privacy News South Korea Fines Meta Over Collection of Sensitive User Data
Replies
0
Views
223
Security News
enaph
enaph
Gandalf_The_Grey
    • Wow
    • +Reputation
    • Thanks
Security News Hackers leak 2.7 billion data records with Social Security numbers
Replies
0
Views
2,354
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Wow
    • +Reputation
    • Thanks
Security News Possible Pinterest Dat leak with 6 Million affected user (July 2024)
Replies
1
Views
2,362
Security News
I Walk MY Way
I Walk MY Way

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top