
Sony Xperia Devices Reportedly Containing ‘Baidu’ Spyware [Update: Response from Sony]

October 28, 2014 - Written By John Anon

If you currently own a Sony Xperia handset, it is probably wise to listen up. Reports are coming in from several forums that some Xperia handsets seem to contain the Baidu spyware. In particular, the problem seems to persist on devices running KitKat. If you own a Sony Xperia device running either the Android 4.4.2 or 4.4.4 KitKat firmware, then you are probably most at risk. Thankfully, this is spyware you can check for. The folder is aptly named ‘Baidu’, and if you see it then you have the spyware. At present there also seems to be no way of deleting the folder. It appears to be created by Sony’s ‘my Xperia’ service each time a connection is made and is reported to be sending pings to China, as you can see in the images below. Nothing further is known about what these pings are transmitting, but they do seem to be transmitting.

As mentioned, the folder does not seem to be removable regardless of what is tried. Users have reported that the folder instantly reappears after being deleted, and that unticking the folder in device administrator equally seems to do nothing. Sony is aware of the situation but does not seem to be able to do anything, as it is built into the current firmware. As such, the only real information Sony could provide is that the spyware will be removed in future firmware updates.

So there you go. A number of Xperia owners are reporting this issue, and if you are one of the affected then you are not alone. According to the reports, affected devices include the new Sony Xperia Z3 and Z3 Compact. It is worth noting that the spyware does not necessarily affect the operation or functionality of your device, so you shouldn’t worry in this respect. On a more serious note, however, there is the question of what information is being transmitted. With such emphasis on privacy nowadays, this is the main thing to be concerned about. Unless Sony can roll out some kind of fix in the near future, it seems you might have to wait until Lollipop rolls out in January before you can get rid of Baidu. Let’s just hope Lollipop does not also contain it.

Update: Sony has gotten in touch with us regarding the security issues mentioned:

Sony Mobile takes the security and privacy of customer data very seriously. We would like to reassure customers who are concerned following reports related to the Baidu application folder that may be found in Xperia devices. The pre-installed MyXperia app, Sony’s security app that helps you to locate and remote lock your Xperia smartphone when it’s been lost or stolen, is designed to support both Google Cloud Messaging service and the Baidu Push Notification framework in order to offer full global coverage for the service – both of these are initialised by default when MyXperia is first activated. Sony Mobile fully reassures all its customers that MyXperia uses a push notification system and does not store any user data for transmission to Baidu.