Uber Denies Baidu Code Could Track Users Location Globally

By Prei Dy, | March 11, 2017

Uber denies allegations that code used on the previous version of its app allows China's Baidu to locate users. (YouTube)

Uber denies allegations that code used on the previous version of its app allows China's Baidu to locate users. (YouTube)

Uber has brushed off allegations that code in the earlier version of its app from Chinese tech giant Baidu was utilized to track the location of its users outside the mainland.

In a statement issued by the car-hailing app, Uber explained that "Baidu's public SDK [software development kit] was disabled on the Uber app everywhere outside of China and was used only to enable US riders to use Uber services while traveling in China without downloading a separate app."

Like Us on Facebook

It continued that after Uber stopped its China operations in 2016, the Baidu SDK was no longer included on the latest version of the app.

The statement was issued after Inc. said that a team of cybersecurity researchers from Appthority alleged that they found a code in a November 2016 version of the Uber app when they analyzed different Baidu codes. The code reportedly allowed Baidu to send data of all of Uber's users globally back to the company's servers in China.

Appthority, however, clarified it did not possess any proof that the code was used to track users outside China. But it said that there are still lines of the code found in the latest version of Uber.

Appthority also said that the code is not constantly running in the background of the users' mobile devices. But the San Francisco-based firm specializing in providing secure mobile solutions for enterprises said it would continue to determine what the code is really for.

Moreover, Appthority also discovered that over 600 apps are tapping into Uber's data through its application program interfaces (APIs). And over 50 percent of these fail to securely encrypt the user data they obtain from Uber. Such move could leave sensitive or confidential user data from Uber vulnerable to hackers.

Su Mon Kywe, the lead researcher, said that Uber could protect its user data by implementing strict API policies and terminating partners that do not meet with its data secure standard.

"Uber needs to realize that it's Uber's reputation and it's Uber's users' information at risk whenever they allow just any third-party to access that data," Domingo Guerra, Appthority's co-founder and president, said.


©2024 Telegiz All rights reserved. Do not reproduce without permission
Real Time Analytics