Popular Chinese apps found to be leaking user-tracking data

Thanks to the efforts of security researchers from Palo Alto’s Unit 42 team, it is now known that two popular Chinese apps on Google Play Store are leaking sensitive data.

This could be used for the purposes of user tracking, even long after the individual in question has switched phones.

The researchers identified the following apps to be problematic in this regard:

  • Baidu Maps
  • Baidu Search Box

Both of these apps were found to be leaking sensitive data such as:

  • MAC address
  • Carrier information
  • IMSI number

As a result, unauthorised third parties could gain access to it, and upon doing so, they could track the user’s location or intercept messages and phone calls.

Since some of this data is housed inside the SIM card, this kind of illegal user tracking could continue long after the user has switched to another phone.

Jen Miller-Osborn, deputy director for threat intelligence at Unit 42, said that users should always consider potential security risks before downloading an app.

To be on the safe side, reading through the lengthy terms of service agreements could prove to be a worthy endeavour.

After all, this is something that will help you to make an informed decision.

At the present time, both Baidu Maps and Baidu Search Box have millions of users all around the globe.

The researchers from Unit 42 brought their findings to Google, and the company removed the apps from the Play Store on 28th October this year due to violations.

On 19th November, the Baidu Search Box app was re-added – this time, it was compliant with all the guidelines.

However, this is far from the only example of dangerous apps sneaking their way into the official store, even from big-name developers such as Baidu.