Alleged Baidu Spyware Gathering User Data From Sony Xperia Smartphones

Sony Xperia Smartphones with Android 4.4.2 or 4.4.4 KitKat versions have been allegedly found to send user data back to China-based servers of Baidu, according to a post from XPERIA Blog.

The alleged spyware was found after users reported a strange folder named “Baidu.” The folder appeared automatically with no user permission and it automatically reappears even if it is deleted with admin rights or from Safe Mode.

Photo Credit: Reddit User Phapstronaught

“Just unpacked my Sony Z3 compact, haven’t installed a single app and its connecting to China,” a Reddit user said. “I am not so concerned about the folder itself but my phone now has a constant connection to an IP address in Beijing which I am not too happy about.”

At first sight, the “my Xperia” service seems to create the Baidu folder every time it connects to its servers.

Also, the folder’s contents have been reported to send pings to a server in China.

Other users alleged that the Baidu folder helps the Chinese government spy on users.

Among alleged permissions, the spyware can read status and device identity, make videos and take pictures, get location data, read memory contents and change system settings — all without user consent.

Photo Credit: Sony Support Forum

“This folder will be removed in future software updates for the phone […] i can only advise that you delete it manually after a reboot if you want to remove it,” said one Sony support representative on their mobile support forum.

“The MyXperia app supports both Google Cloud Messaging service and the Baidu Push Notification framework, as do many third party apps, to make sure we can support our China customers as well as those in the rest of the world,” the support representative replied later on.

“The IP activity you are seeing is just linked to Baidu`s push notification system, which is an expected behaviour for this application.”