New research from Palo Alto Networks Inc.’s Unit 42 has detailed how Android apps from Chinese internet giant Baidu Inc. listed on Google Play were leaking sensitive data.
The apps, including Baidu Search Box and Baidu Maps, which have been downloaded in the U.S. more than 6 million times, were found to make users trackable by leaking data from a user’s device. The data leaked by the applications included phone data, screen resolution, the phone’s MAC address, carrier, network, Android ID, International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI).
Although the research noted that information such as screen resolution is harmless, the IMSI can be used to uniquely identify and track a user even if the user switches to a different phone. The IMEI is a unique identifier linked to the physical device that could also be used to track a user as long as they continue to use the same phone.
“The IMSI uniquely identifies a subscriber to a cellular network and is typically associated with a phone’s SIM card, which can be transferred between devices,” the research explained. “Both identifiers can be used to track and locate users within a cellular network.”
“Android applications that collect data, such as the IMSI, are able to track users over the lifetime of multiple devices,” the research added. “For example, if a user switches their SIM card to a new phone and installs an application that previously collected and transmitted the IMSI number, the app developer is able to uniquely identify that user.”
Unit 42 contacted Baidu but had received no response as of the time of writing. Google’s Android team was also contacted and not only confirmed the findings but identified additional violations. As a consequence, the applications were removed from Google Play on Oct. 28. A compliant version of Baidu Search Box returned to Google Play on Nov. 19, but Baidu Maps remains unavailable.
“Data leakage from Android applications and SDKs represents a serious violation of users’ privacy,” the research concluded. “Detection of such behavior is vital in order to protect the privacy rights of mobile users.”