Baidu Android apps caught leaking sensitive data from devices
Mobile apps can pose risks even when their developers have no malicious intent. Bugs or errors introduced during development can lead to problems such as data leaks. Cybersecurity firm Palo Alto Networks found two apps from Chinese tech company Baidu leaking certain data from devices. A blog post published Tuesday describes the type of data being leaked and why such leaks can be hazardous.
With the aid of machine learning (ML)-based spyware detection, researchers at Palo Alto Networks' Unit 42 security arm found multiple Android apps on Google Play that were leaking data. Among them were Baidu Search Box and Baidu Maps, which together had been downloaded 6 million times in the US. The leaked data included the phone's MAC address, certain carrier information, and the IMSI number.
The MAC address is used as an identifier for the networking hardware in a device and never changes. The IMSI (International Mobile Subscriber Identity) number is used to identify a subscriber with a cellular network and is usually associated with the device's SIM card. Both the MAC address and IMSI number can be used to track the location of a mobile device and its user, hence the concern over the data leakage.