Expert(s):
Senior Security Intelligence Engineer feature_status*/ ?>
Lookout

Comments Dotted : 1
November 25, 2020

Comment: Baidu Caught Collecting Sensitive Details From Android Users
It’s important to be mindful of the permissions an application requests.
SDKs that attempt to collect sensitive information about the device are not terribly uncommon; many advertising SDKs do this in order to serve more relevant ads to users. However, it’s important to be mindful of the permissions an application requests so that a user may know exactly what kind of data they might be sharing with a corporation, advertising SDK or developer. In the case of Baidu Maps and Baidu Search Box, the applications are asking for the “READ_PHONE_STATE” permission. In.....Read More
SDKs that attempt to collect sensitive information about the device are not terribly uncommon; many advertising SDKs do this in order to serve more relevant ads to users. However, it’s important to be mindful of the permissions an application requests so that a user may know exactly what kind of data they might be sharing with a corporation, advertising SDK or developer. In the case of Baidu Maps and Baidu Search Box, the applications are asking for the “READ_PHONE_STATE” permission. In versions of the operating system prior to Android 10, “ READ_PHONE_STATE" protected the user from sharing certain unique, identifying data like the IMSI and IMEI without explicit permission. As Palo Alto Networks points out, details unique to the user like the IMSI and IMEI, and which are typically associated with the user’s SIM card, could be used to track the individual across devices. With Android 10, Google has limited device identifiers to system applications and those signed with a platform key.  Read Less