A pair of Baidu applications on the Google Play Store were recently leaking users’ sensitive data that could be used to track users’ location, according to Palo Alto Networks’ Unit 42 research published Tuesday.

Through reverse-engineering, the researchers at Unit 42, the research arm at Palo Alto Networks, found that both the Baidu Search Box and Baidu Maps applications used a software development kit (SDK) that would collect users’ MAC address, carrier information and international mobile subscriber identity (IMSI) number.

It’s the kind of data that, if it were to fall into the wrong hands, could be used to stalk, monitor, or even harass an individual. IMSI numbers, for instance, could allow cybercriminals or state-linked actors to track someone, even if they switch to a new device, as IMSI numbers can be used to uniquely identify a user. Snoops using IMSI catchers, which imitate cell towers to capture a user’s location, have been known to do just that.

MAC addresses survive factory resets and can’t be reset by users. For privacy reasons, Android application developers are advised against working with MAC addresses.

“The concern with it is it was exposing things that are specific just to an individual phone itself,” said Jen Miller-Osborn, Unit 42’s deputy director of threat intelligence. “Best practices are typically for apps to not collect that because at that level you can basically track the person.”

The applications left approximately 6 million users in the U.S. vulnerable, as they had been downloaded a combined 6 million times in the U.S., researchers said in their findings.

Beijing-based Baidu is one of China’s most visible technology firms, recognized for its search services and ongoing work on artificial intelligence.

A company spokesperson said in a statement, “Baidu takes the privacy and security of its users very seriously and data is only used under the authorization of users.”

Google removed the applications from the Play Store in late October to address violations the company found after Unit 42 reached out. One of the applications, Baidu Search Box, now has a globally compliant version that is available in the store, while Baidu Maps is not yet available, according to Unit 42. Google confirmed the findings, according to Unit 42.

The incident is a reminder that just because an application is available in an official app marketplace, it doesn’t mean it will protect user data, Miller-Osborn says. Researchers have a long history of discovering nefarious behaviors from mobile apps, including the spread of malicious software, theft of user credentials and enlisting their device in expensive subscription services.

“The users aren’t going to be aware that this data is leaking - there’s nothing they can see from their device itself to know that one of their apps is collecting this data in the background and sending it back,” she said. “But it’s something that users should really just be aware of.”