Sony Officially Responds to Hidden Baidu Software on Xperia Smartphones

Baidu_Sony_Xperia_Z3As we reported late last week, keen-eyed Xperia users had discovered a folder titled Baidu on Sony smartphones running Android 4.4.2 or 4.4.4., including Sony’s latest, the Xperia Z3 and Xperia Z3 compact. Activated by the MyXperia app, the software appeared to be pinging Chinese servers without user consent with no trace of what information was being sent back. Making matters worse, the folder containing the software could not be easily deleted and was active for all, whether you lived in China and used Baidu or not. Now Sony has officially commented on the matter and has promised a fix.

Rickard – Sony Xperia Support:

 I’ve had some further feedback from the guys in our development team. I can confirm that Xperia phones don’t store any user data for transmission to Baidu. The MyXperia app supports both Google Cloud Messaging service and the Baidu Push Notification framework, as do many third party apps, to make sure we can support our China customers as well as those in the rest of the world. Both get automatically initialised when you first activate MyXperia. The IP activity you are seeing is just linked to Baidu’s push notification system, which is an expected behaviour for this application.

Future updates of MyXperia will be optimised so the Baidu Push Notification framework is only initialized in Mainland China variants of Xperia devices. But as these services are common standards in the industry, other 3rd party applications may also include Baidu Push Notifications or other Baidu services, resulting in the Baidu folder being shared between such applications. Sony Mobile fully reassures all its customers that MyXperia uses a push notification system and does not store any user data for transmission to Baidu. 

Magnus Hilding – Lead Developer of MyXperia at Sony Mobile:

 We built the app using both protocols to ensure both our Chinese and global users could enjoy MyXperia. However, we’ve designed later versions to package the service relevant to a specific region only – these updates are right around the corner, rolling out soon. 

In a nutshell, according to Sony, nothing of malice is taking place. The reason the Baidu folder exists is simply based on Baidu’s push notification protocol system. For those not familiar, Baidu is the equivalent of Google in China where the Mountain View company does not operate. Sony explains that their software supports “both Google Cloud Messaging service and the Baidu Push Notification framework,” and that both software are automatically initiated when you first activate MyXperia. Sony chose this route so that no matter where the end user lives, be it in mainland China or elsewhere, there would be some form of push notification system active for them.

Still, Sony is stating that a new update is around the corner that will make the activation of the system more local. This means that unless you’re a Chinese user,  Baidu will not be live on your device. Sony does want to reassure users that even without the fix, none of their information is being transmitted back to Baidu or anyone else in China. While we can’t blame anyone for feeling paranoid by this event, especially after all the news out of China where officials were spoofing Apple and Microsoft websites in order to collect information about their citizens, it seems in this case, there is nothing to see here. Instead, it all really comes down to a bad decision by Sony engineers with seemingly no real consequence.

Discuss:

Are you satisfied by Sony’s response?

[Via Sony Support]