Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to
Just $1.99 per week for the first 24 weeks
Just $1.99 per week for the first 24 weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

This screen shot provided by Google Inc., shows the Google Play website.

The Associated Press

Hundreds of millions of Android smartphone users have downloaded photo-collage, karaoke and video-chat apps that send location data and other identifying details back to servers in China, a new report has found.

The information is collected by Chinese search and advertising engine giant Baidu, which collects users' GPS co-ordinates, names of nearby wireless networks and a unique device number that can be used to identify a person's phone, according to findings contained in a new report from The Citizen Lab at the University of Toronto's Munk School of Global Affairs.

That information is stored on Baidu servers. The company says it gives Chinese authorities access to its data in accordance with local laws.

Story continues below advertisement

But placing such material in government hands could provide a detailed picture of a person's movements and contacts, potentially threatening those who anger the Chinese state, such as human rights campaigners or democracy activists, said Ronald Deibert, the lab's director.

"That is obviously the ultimate and most serious risk," he said.

"The collection of all that fine-grained, detailed information is either poor engineering choices, or this is surveillance by design," he said. And, he added, "don't forget – none of that data disappears."

Baidu does not collect such information from Apple devices. But disclosure of the Chinese company's tracking comes as the iPhone maker faces off against the U.S. Federal Bureau of Investigation, which has demanded Apple help crack the lock on an iPhone used by San Bernardino mass shooting suspect Syed Farook.

Mr. Deibert said Baidu's practices illuminate the privacy battle at the heart of that dispute.

"It's an important public policy threshold now that I think is being crossed," he said.

"We're building a kind of digital house of cards here, and I don't think people fully appreciate just how much information is being given away as part of our daily routine."

Story continues below advertisement

The Baidu information tracking is built into the Beijing company's Web browser for Android, as well as apps that use the software development kit for its Baidu Mobile Tongji, which allows Android app makers to track analytical data. Thousands of apps use the service, some distributed worldwide through the Google Play store.

One, ES File Explorer File Manager, claims more than 300 million users and can be used in more than 30 languages.

A Windows Web browser made by Baidu went further, tracking hard drive serial numbers and Web browsing histories – but only a tiny number of users have that browser.

When The Citizen Lab first began looking at the Baidu data collection, it discovered that much of the information was transmitted either without encryption, or in ways that could easily be decrypted.

Mr. Deibert's team sent its findings to Baidu in late November, and the company quickly responded, updating its Android Web browser to what spokesman Kaiser Kuo called "the absolute strictest standards, to basically undecipherable encryption." That work is "basically done," Mr. Kuo said Wednesday.

Encryption on the Mobile Tongji software development kit was also upgraded in December, he said, although Mr. Deibert said checks by his team a week ago found "no fixes."

Story continues below advertisement

Baidu has not, however, changed the type of information it stockpiles.

"As far as what data is used, there are perfectly good reasons for developers to need to know a lot of stuff – it's for them to be able to provide a better user experience," Mr. Kuo said. In China, he said, it's also "quite standard" to harvest the 15-digit International Mobile Station Equipment Identity, a unique number that can pinpoint a particular smartphone no matter what apps or online accounts a person uses.

"We don't collect more than most people," Mr. Kuo said.

But one Chinese marketing group, in an online post made in 2013, pointed to Baidu's information collection as one reason to use it, saying "Baidu tracks each individual user, allowing you to see all the pages they visited," a capability Google does not provide.

Google's own analytics software bans the uploading of information that can "personally identify an individual … or data that permanently identifies a particular device."

The Baidu-made software appears to be "sending many critical bits of data," said Nate Lawson, founder of app analytics firm SourceDNA. Developers might want some of that information to spot coding problems. "But the result for end users is a loss of privacy," he said.

Story continues below advertisement

The Baidu revelations come amid the global rise of Chinese Internet giants, who are headquartered in a country that severely censors and monitors its online space.

Companies in China, South Korea and Vietnam are behind the most popular apps using the Baidu software. None replied to e-mails sent by The Globe and Mail.

The erosion of smartphone privacy has grown into a major concern for companies and governments whose employee devices can siphon off information that may be sensitive or classified.

On Tuesday, San Francisco-based Appthority released a report that found 100 per cent of the most common apps on corporate smartphones "have data leakage and privacy invasive behaviours." Some smartphone apps go far beyond the Baidu software, exporting text messages, address books and calendar information. Advertisers seeking to profile buyers can profit from this information, but so can scammers and intelligence agencies.

China now ranks among the top national destinations for such transmissions, said Domingo Guerra, president of Appthority, which has analyzed over 3.5 million mobile apps.

Baidu calls the data it obtains "anonymous identifiers," but in other countries it is classified as "personally identifiable information," Mr. Guerra said.

Story continues below advertisement

Smartphone apps, often a Frankenstein mix of different software elements from different places – some to push ads, some to report program crashes – have created thorny transnational problems, he said.

"It's really a new frontier, in the sense that a lot of the privacy laws and Internet privacy laws that we have don't necessarily apply to mobile very well," Mr. Guerra said.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies