Thousands of apps running Baidu code collect, leak personal data: report
24 Feb 2016
Thousands of apps running code built by Chinese internet giant Baidu have been collecting and transmitting users' personal information back to the company, much of which had been easily intercepted, say researchers.
The apps had been downloaded hundreds of millions of times. Researchers at Canada-based Citizen Lab found the problems in an Android software development kit developed by Baidu, which affected the mobile browser and apps developed by it and other firms using the same kit.
They added that Baidu's Windows browser had been also affected.
Similar problems had been highlighted by the same researchers with unsecured personal data in Alibaba's UC Browser, another mobile browser widely used in the world's biggest internet market.
Those vulnerabilities had been fixed by Alibaba. Baidu told Reuters it would fix the encryption holes in its kits. However, it said it would still collect data for commercial use, some of which was shared with third parties. Baidu claims it only provided what data was lawfully requested by duly constituted law enforcement agencies.
The unencrypted information that had been collected included users' location, search terms and website visits, Jeffrey Knockel, chief researcher at Citizen Lab, told Reuters ahead of the publication of the research today.
According to commentators, the problem highlighted how difficult it was for users to know just what data their phone collected and transmitted, and the risk that personal data might leak because of poor or no encryption. It also highlights how many different groups might be interested in accessing such data.
"It's either shoddy design or it's surveillance by design,"said Citizen Lab director Ron Deibert, Reuters reported.
Data security and privacy issues had been highlighted in the US, where Apple had taken on Federal Bureau of Investigation over requests to unlock an iPhone owned by one of those who went on a shooting rampage in San Bernardino, California in December.
.jpg "RBI keeps repo rate unchanged as focus remains on inflation")
.jpg "Indian Oil, Panasonic team up for lithium-ion cell production in India")
