Palo Alto Networks researchers have found that some Android apps, including Baidu Search Box and Baidu Maps, could be leaking data from their users. These apps have been downloaded more than 6 million times in the U.S. alone, so the potential reach of the issue is significant.
The discovery was made possible by an advanced machine learning-based spyware detection system developed by Unit 42, Palo Alto Networks' research team.
Experts found that these applications collect user identifiers, including data such as the IMSI or MAC address. While this is not formally a violation of Google and Play Store policies, developers are advised to avoid collecting this data.
The data that these applications leak includes:
- Phone model
- Screen resolution
- MAC address
- Telephone company
- Network type (Wi-Fi, 2G, 3G, 4G, 5G)
- Android ID
This information could be useful to threat actors, who could deploy all sorts of malicious campaigns using a few sensitive user details. While some of this data (such as screen resolution) can be trivial, details such as the IMSI may allow someone to identify and track a particular user, even if the user changes devices while retaining their phone number, making it possible to send invasive advertisements and collect all kinds of content preference information.
Cybercriminals are also interested in this information, as it would allow them to use phone signal receivers for espionage purposes and to build detailed profiles of a target user. Attacks of this kind have already been directed against politicians, businessmen, and activists, among other individuals.
The report has already been submitted to Google, which removed the apps reported last October. Baidu has already released a corrected version of Search Box, while Baidu Maps remains unavailable worldwide.
In this regard, Google posted a brief thank you message: “We appreciate the work of companies like Palo Alto and the rest of the cybersecurity community. We look forward to continuing to count on your collaboration to improve Play Store security.” Information leakage is a general industry problem, so it’s critical to encourage collaboration between application developers, operating system creators, and cybersecurity experts to mitigate the impact of these risks in the future.
He is a cyber security and malware researcher. He studied Computer Science at Miami and started working as a cyber security analyst in 2008. He is actively working as a cyber security investigator. He has also worked for security companies like Cisco. His everyday job includes researching new cyber security incidents. He also has a deep level of knowledge in enterprise security implementation.