Tuesday 8 March 2016

Thousands of Apps Running Baidu Code Collect, Leak Personal Data


Apps by Chinese Internet Giant, Baidu Leaks Personal data

According to researchers, apps running code that have been built by Chinese Internet giant Baidu, have collected as well as transmitted user’s personal details to the company most of which is easily captured. The apps seem to be downloaded hundreds of time. Researchers at Canada-based Citizen Lab have informed that they had discovered the issue in an android software development kit created by Baidu.

These tend to affect Baidu’s mobile browser and the apps developed by Baidu together with other firms utilising the same kit. They informed that Baidu’s Windows browser had also been affected. The researchers also highlighted identical problems with unsecured personal details in Alibaba’s UC Browser which is another browser that is extensively used in the world’s largest Internet market.

Alibaba had fixed those susceptibilities and Baidu had informed Reuter that it would fix the encryption holes in its kits, though would still collect data for commercial use and some of which it stated was shared with third parties. The Chinese Internet giant said that it only offers what data seems to be lawfully requested by duly constituted law enforcement agencies.

Interest in Data, only Commercial

Jeffrey Knockel, chief researcher at Citizen Lab had informed Reuters ahead of publication of the research recently that the unencrypted details which tend to be collected comprise of the user’s location, website visits, and search terms.

The issue emphasizes on how difficult it is for users to be aware of what data their phone collects and transmits and the risk that personal data could escape due to poor or no encryption. Moreover it also highlights how several different groups could be interested in retrieving such type of data. Ron Deibert director of Citizen Lab had commented that it is either shoddy design or its surveillance by design.

Citizen Lab has stated that Baidu which tends to report quarterly earnings in New York had recently fixed some of the issue since it brought them to the attention of the company in November. However, the Android browser still seems to send sensitive data like the device ID in an easy decryptable format. Baidu had informed Reuters that its interest in the data was only commercial though refrained to comment on who else would access.

Privacy Issues & Data Security – Underlined in US

Privacy issues and data security have been underlined in the United States wherein Apple is in a deadlock with the Federal Bureau of Investigation over requests to unlock an iPhone owned by one who had been on a shooting charge in San Bernardino, California in December.

Citizen Lab had mentioned that its research last year, in Alibaba’s UC Browsers had been prompted by documents from National Security Agency whistle-blower Edward Snowden portraying Western intelligence agencies had used holes in the browser to spy on the users. Alibaba had informed that there had been no evidence that the data of the user was taken though it had showed concern and had asked users to update their browsers.

They stated that there was no possibility of accessing how many users had been affected by the Baidu issue, in China and beyond. Some of the software developers in China state that lack of encryption is common and partly owing to quick growth together with poor security awareness. Andy Tian, CEO of Beijing-based app developer Asia Innovations had said `that it is really painful but it’s a growing pain’.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.