Google has delisted two Chinese apps – Baidu Maps and Baidu Search Box – from the Play Store for leaking users’ sensitive data. An investigation by the security firm Palo Alto Networks claimed that the two apps used code that harvested information without the users’ knowledge, even after the device was switched off. The apps, with a combined download count of 6 million, potentially exposed information including users’ MAC address, carrier information, phone model, and IMSI (International Mobile Subscriber Identity) number.
In addition to the China-based apps, the researchers stated that, using their machine learning-based spyware detection system, they have identified multiple Android applications on the Play Store that were leaking users’ data.
Palo Alto researchers suggested that Android app developers must follow best practices to properly handle users’ data. They said, “Android users should stay informed about the required permissions requested by applications on their devices.”
“While not a definitive violation of Google’s policy for Android apps, the collection of identifiers, such as the IMSI or MAC address, is discouraged based on Android’s best practice guide. Palo Alto also notified Google’s Android team, who confirmed the findings, identified unspecified violations, and removed the applications from Google Play globally on October 28, 2020. A compliant version of Baidu Search Box became available on Google Play globally on November 19, 2020, while Baidu Maps remains unavailable globally,” the researchers added.
Android Adware: A Rising Issue
Adware is a kind of software that hijacks mobile devices to spam the victim with unwanted ads and steals user data. Recently, Google removed 21 malicious Android apps from its Play Store after discovering intrusive adware and Trojans in them. According to security solutions provider Avast, the fraudulent apps were disguised as gaming apps and contained “HiddenAds Trojan.”