Some Sony Xperia KitKat Firmware Updates Contain Baidu Spyware?


Chalk this under WTF, but some Sony Xperia smartphones running Android KitKat appear to contain an extra folder that may hold Baidu spyware. China was most recently linked to diverting iCloud and Microsoft users to fake home pages in order to collect their data. While it’s unclear what information this software is sending back, it’s quite clear that it is pinging back to Chinese servers. The Baidu software has so far been found on Sony smartphones running Android 4.4.2 or 4.4.4, including Sony’s latest smartphones, the Xperia Z3 and Xperia Z3 Compact. Besides Sony devices, the Baidu spyware, as it’s being called, can also be found on the HTC One M7, Nexus 5, Samsung Galaxy SIII, and other Android smartphones.


According to reports, the folder containing the spyware appears to be created by Sony’s ‘my Xperia’ service each time a network connection is switched on. As we mentioned, while it’s clear the spyware is pinging Chinese servers, it’s unclear what data is being transmitted. The folder in question can be found under your internal storage, is simply titled ‘baidu’, and is considerable in size. Community members have so far attempted to uncheck the app under ‘Device Administrators’ and to start their phones in ‘Safe Mode’, with no luck.

Unlike most apps which require the phone to be fully turned on before functioning, this particular software seems to load during boot time and immediately ping the Chinese servers. Sony has since commented the following message in their support forums:

This folder will be removed in future software updates for the phone. Until then I can only advise that you delete it manually after a reboot if you want to remove it. It’s safe to just delete it.

Unfortunately, after deletion the folder tends to reappear just a short time later. It’s worth noting that Baidu is the equivalent of Google in China, where the US search giant does not operate. With the Great Firewall of China blocking many external sites and search engines, including Google, it could simply be that the services are pinging home in order to connect with services Baidu offers, like maps and search. Still, that doesn’t explain why the phone needs to ping back with this software, likely revealing one’s location, prior to a full boot.

That is, unless Sony is also using Baidu servers. It’s no real surprise that IT, like most other things, is far cheaper in China than elsewhere. Sony could simply be using Baidu servers, much in the same way that Amazon and Google offer cloud/server solutions for businesses. This could explain why the software links itself to the myXperia app, which offers remote wiping of Sony Android devices. In order for a wipe command to be received by the device, the service needs to send a ping home and receive commands back prior to a full boot in case of theft.

Still, if this is the real reason, it’s unfortunate that Sony has been unclear about its intentions for the service and gives no way to opt out for those who are not comfortable with their location and other potential information pinging back to China. We’ll have more on this as it develops.

Discuss:

Have you found the Baidu spyware on your Android device?

[Via Sony]