Baidu Apps Are Spying Personal Data And Leaked Information
According to a research security, researchers found that thousands of apps are using code from the Chinese net giant Baidu, and are able to collect and transmit the Personal data insecurely.
According to the security experts at the University of Toronto, they believed that millions of Chinese people have been affected by this issue. Millions of Chinese People affected by the data leaks.
The information included in the data leaks contains:
- Where the Person Are.
- Sites Visited by them.
- Search Terms.
- ID numbers of their device too which they own.
Chinese net giant Baidu said that with the insecure computer code they had tackled the problems.
The software development kit contains the code which can be used in order to create programs for Windows and apps for android phones. That code was also used by the Chinese net giant Baidu, to make web browsers for Android and Windows too. Many firms used the Chinese net giant Baidu web browsers.
The security experts at the University of Toronto, also said that "Hundreds of millions of times, the apps and browsers have been downloaded, which is made using the Baidu Kit."
The Lab has focussed on personal and private data use in China because it is a part of long-running research project. Last year the researchers at Toronto's Citizen The Lab found patches in the Alibaba browser, and now in the Baidu code (several security and privacy shortcomings).
Data like GPS coordinates and Search terms are also sent in a plain text. And unique device IDs can easily be broken. An Attacker can easily get access to a phone and Windows computer, because of the weak protection of apps.
Authors said in their reports that "If the personal data transmission without properly implemented encryption then it can expose a user's data to surveillance, The leakage of such user data is particularly problematic for individuals who use these applications and their devices to engage in politically sensitive communications,"
Ron Deibert(director of the Citizen Lab) told Reuters that "It's either shoddy design or it's surveillance by design,"
Is It Fixed or Not Fixed?
In November last year, Baidu had already patched some of the bugs in the code, said by Citizen Lab. But, still poor encryption scheme was still being used on sensitive data.
Baidu has made so many statements regarding this issue some of them was:
- For commercial purposes, the data was collected.
- Once, they said that they shared the data with partners.
- They also said that the information was not handed over wholesale to the Chinese authorities.
- They said that "they provide only the lawfully data requested by duly constituted law enforcement agencies."