Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details.
The two apps in question—Baidu Maps and Baidu Search Box—were found to collect device identifiers, such as the International Mobile Subscriber Identity (IMSI) number or MAC address, without users’ knowledge, thus making them potentially trackable online.
The discovery was made by network security firm Palo Alto Networks, who notified both Baidu and Google of their findings, after which the search company pulled the apps on October 28, citing “unspecified violations.”
As of writing, a compliant version of Baidu Search Box has been restored to the Play Store on November 19, while Baidu Maps remains unavailable until the unresolved issues highlighted by Google are fixed.
A separate app named Homestyler was also found to collect private information from users’ Android devices.
According to Palo Alto researchers, the full list of data collected by the apps include:
- Phone model
- Screen resolution
- Phone MAC address
- Carrier (Telecom Provider)
- Network (Wi-Fi, 2G, 3G, 4G, 5G)
- Android ID
- IMSI…
http://feedproxy.google.com/~r/TheHackersNews/~3/BtFAavfeXd8/baidus-android-apps-caught-collecting.html