- Jan 8, 2011
- 22,361
Full Report by Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser - The Citizen Lab
Thousands of apps running Baidu code collect, leak personal data - research
"Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say.
The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said.
The unencrypted information that has been collected includes a user's location, search terms and website visits, JeffreyKnockel, chief researcher at Citizen Lab, told Reuters ahead of publication of the research on Wednesday.
The problem highlights how difficult it is for users to know just what data their phone collects and transmits, and the risk that personal data might leak because of poor or no encryption. It also highlights how many different groups might be interested in accessing such data.
"It's either shoddy design or it's surveillance by design,"said Citizen Lab director Ron Deibert.
Citizen Lab said Baidu - which reports quarterly earnings in New York on Thursday - had fixed some of the problems since it brought them to the company's attention in November, but the Android browser still sends sensitive data such as the device ID in an easily decryptable format.
Baidu told Reuters its interest in the data was just commercial, but declined to say who else might have access."
News Source: Thousands of apps running Baidu code collect, leak personal data - research
Thousands of apps running Baidu code collect, leak personal data - research
"Thousands of apps running code built by Chinese Internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say.
The researchers at Canada-based Citizen Lab said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said.
The unencrypted information that has been collected includes a user's location, search terms and website visits, JeffreyKnockel, chief researcher at Citizen Lab, told Reuters ahead of publication of the research on Wednesday.
The problem highlights how difficult it is for users to know just what data their phone collects and transmits, and the risk that personal data might leak because of poor or no encryption. It also highlights how many different groups might be interested in accessing such data.
"It's either shoddy design or it's surveillance by design,"said Citizen Lab director Ron Deibert.
Citizen Lab said Baidu - which reports quarterly earnings in New York on Thursday - had fixed some of the problems since it brought them to the company's attention in November, but the Android browser still sends sensitive data such as the device ID in an easily decryptable format.
Baidu told Reuters its interest in the data was just commercial, but declined to say who else might have access."
News Source: Thousands of apps running Baidu code collect, leak personal data - research
