BAIDU APPS LEAKING PERSONAL INFO
The security researchers say that the personal data is currently being collected & transferred unsafely by a number of applications by utilizing a code from a Chinese net giant Baidu. The millions of these Chinese persons are agreed to have been affected by the leakage of data as said by the security experts at the University of Toronto.
The information reveals where those people are, the search terms, sites history & the ID numbers of the devices that they have.Baidu has said that it had tackled this problem with an unsafe computer program.
The code is available in the software development kit which can be utilized to make the apps for an Android phone & programs for the windows. Baidu has itself utilized it to create web browsers for Android & windows and many other firms have utilized the kit also. The apps & the browsers created by utilizing the Baidu kit have downloaded a hundreds of millions of times as said by researchers at Toronto’s Citizen Lab in report. As a part of a long research project, the Lab has basically done privacy & personal data use in China. The current report has found several security & the privacy shortcomings in the Baidu program.
Some of the data involving the GPS coordinates & the search terms are sent in a plain text. In addition, the security which are added to other forms of information like the unique device IDs can easily be broken. Poor security of applications which are made with a kit also makes users susceptible to the fake updates which can provide an attacker the access to a phone or a windows PC. Being insecure, the users will have no warning which data was being transmitted and gathered.
The leakage of such the user data is specifically problematic for a person who utilize the app & their devices to engage in politically sensitive communication. Ron Deibert, the director of the citizen lab, told the Reuters that it is either a shoddy design or it is a surveillance by design. Citizen Lab says that the Baidu has fixed some of the problems in the coding.
It added that the poor encryption schemes are still being utilized on the sensitive data. It has added that the information wasn’t handed over to the Chinese authorities. And it only offers the data which is lawfully requested by the duly constituted law enforcement agency.