Researchers find privacy problems in popular Baidu browser

February 26, 2016 by Alex Gillis
Android and Windows versions of the Baidu browser have been found to have security risks. Credit: Jon Russel via flickr

University of Toronto undergrad Jing Zhou knows a lot about surveillance issues in China and Canada, but even she's surprised by findings that hundreds of millions of people are at risk of hacking and surveillance because of a popular internet browser.

This week, the Citizen Lab at the University of Toronto's Munk School of Global Affairs released a report showing that the Android version of Baidu Browser, made by one of China's largest technology companies, leaks a user's location, browsing history and other data because of poor or missing encryption whenever the browser is used.

And the browser's Windows version leaks even more data, including computer serial numbers. Any individual, company or government can hack a device or spy on users' online habits.

Zhou is concerned about the human rights implications given the increasing number of people from China worried about hacking and surveillance. She helps to run a U of T student club called Choose Humanity, which raises awareness about human rights abuses.

"In Toronto, there are Chinese officials surveilling students, religious practitioners and community members," says Zhou, who moved from China to Canada in 2001 and is finishing a management degree at U of T. "Not only in Canada, but in China, the government and police track down your relations and monitor them."

Baidu runs the most used search engine in China – but it's also used around the world in Chinese, English and other languages.

Many of the vulnerabilities are due to missing or poor encryption used by something called software development kits (SDKs), which are present in more than 22,000 apps related to Baidu, researchers say. The apps have been downloaded billions of times.

"Baidu and anyone monitoring your traffic can use your hardware's serial numbers to track your GPS location, nearby wireless networks, and every unencrypted and encrypted web page you visit," says Jeffrey Knockel, the report's lead author and a senior researcher at the Citizen Lab. "Most users would have no way of knowing their personal data was being transmitted this way, and would be unable to prevent it."

In addition, Baidu Browser doesn't include special codes (a norm with other browsers) when it downloads routine software updates, which would allow hackers to secretly install malicious software on computers and phones.

In May 2015, Citizen Lab identified similar security concerns with UC Browser, a popular browser owned by e-commerce giant Alibaba, also based in China. The vulnerabilities in UC Browser were identified in documents leaked by Edward Snowden that revealed that intelligence agencies in Canada, the United States, the United Kingdom, Australia and New Zealand had used the vulnerabilities to identify users.

The report is part of the Citizen Lab's ongoing research into privacy and security of popular mobile applications used in Asia, including China's censorship of Google, Microsoft, and Yahoo search engines and its censorship and surveillance in TOM-Skype, a Chinese version of Skype.

In November 2015, Citizen Lab researchers notified Baidu of the browser's security issues. The company released updates that remedied some of the issues in January 2016, but many still remain unresolved.

"I wouldn't use Baidu anyway, as it's not as good as Google," Zhou says. "Now that I know about the problems, I'm glad that I can avoid it in Canada.

"They have to make Baidu more secure," Zhou says. "People don't have to undergo surveillance all the time."
