Two Android apps from Baidu were randomly surveyed by Google after the Palo Alto Networks report was released. Baidu's search box and map apps contain code to collect user information, and Google removed them from the Play Store in October 2020, the report said. But last week, the Baidu search box app appeared again in front of the majority of users.
Google Play store screenshots
Specifically, Palo Alto Networks said the data collection code exists in the Baidu Push SDK and is used to display real-time notifications in the two apps. However, Stefan Achleitner and Xu Chengcheng, the researchers who examined the data collection behavior, point out that:
Achleitner and Xu add that while this behavior may seem harmless, data such as the IMSI can still be used to accurately identify and track a user, even if the user switches to another device.
On the one hand, although the incident was reported to Google, it is embarrassing that the company's Android app policy does not specifically prohibit the collection of details of individual users.
On the other hand, the Play Store security research team found other unspecified violations in the Baidu apps in two investigations, which eventually led to the two apps being removed from the official app store on October 28, 2020.
A Baidu spokesman said in an email today that the data collection behavior mentioned in the initial report triggered the Google team's investigation, but that this was not the reason the two apps were taken down from the Play Store, because the company had obtained permission from users to collect such information.
At the same time, the Baidu team said it was working hard to solve the other problems found by Google. As of publication, Baidu's search box app had returned to the Play Store, and the map app will return as soon as possible after the relevant problems are fixed.
Before their removal in October, the two Baidu apps had a combined total of more than 6 million downloads. In addition, Palo Alto Networks researchers found similar data collection code in ShareSDK, developed by Chinese advertising technology giant MobTech.
Achleitner and Xu said the SDK has been used by more than 37,500 applications and allows developers to collect personal information including phone model, screen resolution, MAC address, Android ID, Ad ID, operator / IMSI / IMEI, etc.
Clearly, this kind of incident is not isolated; it is a big problem across the Android ecosystem.