Capture of sensitive information by Baidu Apps detected by Palo Alto Networks’ Researchers
Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details.
The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users’ knowledge, thus making them potentially trackable online.
The discovery was made by network security firm Palo Alto Networks, who notified both Baidu and Google of their findings, after which the search company pulled the apps on October 28, citing “unspecified violations.”
According to Palo Alto researchers, the full list of data collected by the apps include:
• Phone model
• Screen resolution
• Phone MAC address
• Carrier (Telecom Provider)
• Network (Wi-Fi, 2G, 3G, 4G, 5G)
• Android ID
• IMSI number
• International Mobile Equipment Identity (IMEI) number
Reference: https://thehackernews.com/2020/11/baidus-android-apps-caught-collecting.html