The Citizen Lab would like to thank Seth Hardy from Lookout for assistance with
this report.This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via
man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.Jeffrey Knockel’s research for this project was supported by the Open
Technology Fund’s Information Control Fellowship Program. Sarah McKune’s
research was supported by a grant from the Open Society Foundations (Ronald J.
Deibert, Principal Investigator), and Adam Senft’s from the John D. and Catherine
T. MacArthur Foundation (Ronald J. Deibert, Principal Investigator)
