Such user data is transmitted, in both the Windows and Android versions, unencrypted or with easily decryptable encryption, which means that any in-path actor could acquire this data by collecting the traffic and performing any necessary decryption. The report identifies security concerns in both the Windows and Android versions of the browser that may expose personal user data, including a user’s geolocation, hardware identifiers, nearby wireless networks, web browsing data and search terms. This report provides a detailed analysis of how Baidu Browser manages and transmits user data during its operation. The browser offers a number of features beyond those found in standard browsers, including video and audio download tools and built-in torrent support. Please see the “ Update: Analysis of updated versions of Baidu Browser” section at the end of this report for updates on these issues, following our disclosure to the vendor and our analysis of the latest versions released prior to publication.īaidu Browser is a free web browser for the Windows and Android platforms, produced by Baidu, one of China’s largest technology companies.
Neither the Windows nor Android versions of Baidu Browser protect software updates with code signatures, meaning an in-path malicious actor could cause the application to download and execute arbitrary code, representing a significant security risk.
The Windows version of Baidu Browser also transmits a number of personally identifiable data points, including a user’s search terms, hard drive serial number model and network MAC address, URL and title of all webpages visited, and CPU model number, without encryption or with easily decryptable encryption.The Android version of Baidu Browser transmits personally identifiable data, including a user’s GPS coordinates, search terms, and URLs visited, without encryption, and transmits the user’s IMEI and a list of nearby wireless networks with easily decryptable encryption.Baidu Browser, a web browser for the Windows and Android platforms, transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks.What's more, Offcloud protects your privacy by stepping in as your cloud-based downloading client. In a few moments, you willl have your download in your cloud storage, ready to use and enjoy. To download the web content, you just have to submit the web content’s URL into Offcloud and click Fetch. Thanks to Offcloud’s easy integration with Baidu, you can conveniently grab any web content and information from Baidu’s sites, most especially, and upload them directly to any of your preferred cloud storage services.
Downloads from Baidu's vast network allow Offcloud's users to access content from sites that rely on Baidu, which controls huge amounts of data and information. Offcloud's link with Baidu represents a remarkable milestone in the industry. And now, Offcloud can tap into this massive resource by supporting downloads from this Chinese tech giant’s websites. All of this means that it is a dominant force in the major categories, such as the search engine, music, and the free web encyclopedia domains. Whether you are a Chinese national, residing in China, or none of that, but have always wished for a better way to download links from Baidu, you’re in luck! Offcloud has successfully set up a way for you to download content straight from the Chinese tech giant.īaidu is known as the Google of China, the iTunes of China, and the Wikipedia of China, among other nicknames.