While the appearance of malicious apps on the Android Play Store is nothing new, seeing a dubious app from a known vendor is unusual. Recently, Google had to remove two Baidu Android apps that collected sensitive user data. One of them, though, has since managed to re-enter the Play Store.
Two Baidu Android Apps Collecting Users’ Data
Researchers from Palo Alto Networks’ Unit 42 division have shared a report about their findings regarding apps collecting user information.
In brief, they observed two Baidu Android apps, Baidu Maps and Baidu Search Box, collecting users’ sensitive data.
Some of the data the apps obtained from users included the device model, screen resolution, telecom provider, network, and identifiers like MAC address, Android ID, IMSI (International Mobile Subscriber Identity), and IMEI (International Mobile Equipment Identity).
According to the researchers, such data collection exposes users to further cybersecurity risk and to continuous tracking in the future. Describing the risks associated with the misuse of such sensitive data, the researchers stated,
Android applications that collect data, such as the IMSI, are able to track users over the lifetime of multiple devices…
Data such as the IMSI or the IMEI are desirable for cybercriminals, who can use methods such as active and passive IMSI catchers to overhear this information from cell phone users. Once this data is acquired, cybercriminals can profile users and further extract sensitive information about them…
This data can also be misused by cybercriminals or state actors to violate a user’s privacy and take advantage of the leaked information to intercept phone calls or text messages. Users can be put further at risk if cybercriminals or state actors intercept messages that transfer information in plain text or with weak encryption.
Google Suspended Baidu Apps
Following the researchers’ report, Google investigated the matter and found numerous policy violations by the apps. Hence, Google removed Baidu Maps and Baidu Search Box from the Play Store.
However, Baidu Search Box reappeared on the Play Store after being brought into compliance with Google’s policies.
Other Apps Collecting Data Similarly
Besides the two Baidu apps, the researchers also observed similar behavior in another app, Homestyler – Interior Design & Decorating Ideas. This app also collects private data and is still live on the Play Store.
They also observed malicious Android apps abusing Baidu Push SDK and Mobtech’s ShareSDK to collect similar data.
To prevent such breaches, the researchers advise all Android developers to follow Android best practices for managing user data. Users, for their part, should carefully review the details an app asks to record or access before granting it permissions.