Skip to main content

Baidu Android apps caught leaking sensitive data from devices

posted onNovember 25, 2020
by l33tdawg
Tech Republic
Credit: Tech Republic

Mobile apps can pose certain risks even if the developers have no malicious intent in mind. Bugs or errors in the development phase can lead to certain problems, such as data leaks. Discovered by cybersecurity firm Palo Alto Networks, two apps from Chinese tech company Baidu were found leaking certain data from the devices. A blog post published Tuesday describes the type of data being leaked and why such leaks can be hazardous.

With the aid of machine learning (ML)-based spyware detection, researchers at Palo Alto Network's Unit 42 security arm found multiple Android apps on Google Play that were leaking data. In the lineup were Baidu Search Box and Baidu Maps, which together had been downloaded 6 million times in the US. The leaked data included the phone's MAC address, certain carrier information, and the IMSI number.

The MAC address is used as an identifier for the networking hardware in a device and never changes. The IMSI (International Mobile Subscriber Identity) number is used to identify a subscriber with a cellular network and is usually associated with the device's SIM card. Both the MAC address and IMSI number can be used to track the location of a mobile device and its user, hence the concern over the data leakage.

Source

Tags

Industry News

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th