Baidu Android apps caught leaking sensitive data from devices

guest · Nov 24, 2020

Baidu Android apps caught leaking sensitive data from devices
Capturing the phone's IMSI number and MAC address, the leaked data could have made users trackable
November 24, 2020
https://www.techrepublic.com/article/baidu-android-apps-caught-leaking-sensitive-data-from-devices/

Mobile apps can pose certain risks even if the developers have no malicious intent in mind. Bugs or errors in the development phase can lead to certain problems, such as data leaks.
Discovered by cybersecurity firm Palo Alto Networks, two apps from Chinese tech company Baidu were found leaking certain data from the devices. A blog post published Tuesday describes the type of data being leaked and why such leaks can be hazardous.

In the lineup were Baidu Search Box and Baidu Maps, which together had been downloaded 6 million times in the US. The leaked data included the phone's MAC address, certain carrier information, and the IMSI number.
The MAC address is used as an identifier for the networking hardware in a device and never changes.
Click to expand...

Beyond giving up the MAC address and IMSI numbers, some Android apps have been discovered leaking other types of data, including the phone model, screen resolution, carrier, network type (Wi-Fi, 3G, 4G, etc.) Android ID, and the IMEI (International Mobile Equipment Identity) number. Some of this data is relatively benign. But a leak of the IMEI number can raise a red flag.

"Data leakage from Android applications and SDKs represents a serious violation of users' privacy," Palo Alto Networks said in its post. "Detection of such behavior is vital in order to protect the privacy rights of mobile users."
Click to expand...

Palo Alto Networks - Unit42: Android Apps Leaking Sensitive Data Found on Google Play With 6 Million U.S. Downloads

While not a definitive violation of Google’s policy for Android apps, the collection of identifiers, such as the IMSI or MAC address, is discouraged based on Android’s best practice guide.
Click to expand...

In mobile devices, it is typical to ask a user to grant a list of permissions upon installation of an application or to prompt a user to allow or deny a permission while the application is running. Disallowing permissions can often result in a non-working application, which leads to a bad user experience and might tempt a user to click on “allow” just to be able to use an application.

To prevent data leakage, Android app developers should follow Android’s best practices guide and correctly handle users’ data. Android users should stay informed about the required permissions requested by applications on their devices.
Click to expand...

Log in or Sign up

Baidu Android apps caught leaking sensitive data from devices

guest Guest

Log in or Sign up

Baidu Android apps caught leaking sensitive data from devices

guest Guest

Useful Searches