
Sony Xperia phones come with Baidu spyware? - sleepyhead
https://talk.sonymobile.com/t5/Xperia-Z-ZL-ZR/Unknown-folder-baidu-is-created-on-starting-phone-each-time/td-p/819877/page/5?sl=y&sso_no_log=y
======
hkmurakami
I came in thinking that this was going to be about the Baidu IME Japanese
language input (which caused quite a stir earlier this year iirc, for the same
kind of logging and tracking -- though I think the information wasn't as
extensive as this). Lo and behold, it's much worse than that.

Wasn't it Sony that installed some kind of spyware in its VAIO machines or its
anti-piracy SW or something along those lines? When will they ever learn? And
there will likely never be an explanation for what they were trying to do
here.

They are already in a precarious position in the smartphone market with most
of their sales coming from Japan (and Sony Ericsson becoming just Sony Mobile
back in 2012). What were they going to do if shit really hit the fan and this
went to mass media in Japan as the "Chinese spyware phone" given the tension
between the two countries, especially given Japanese QE over the last 1.5+
years? Consumer sentiment is pretty irrational. I can easily see a situation
where they get labeled as a "traitorous company" and a boycott starts, at
least vs their mobile division. Shortsightedness at its finest.

I want to root for this company so badly yet every few years they do
boneheaded things like this and make me utterly despise their stupidity.

edit: On further thought I bet this is created by some pre-installed default
Baidu app that Sony QA didn't vet properly or didn't give a damn about. Or
maybe QA found the folder + the connection to China, but it was quashed by
management for "strategic reasons". The latter seems more likely, since the
engineers I know at Sony (at least in SCEI) are pretty damn good.

~~~
johnchristopher
I believe you are referring to the Sony BMG copy protection rootkit scandal
[0]

[0]
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

~~~
hkmurakami
That's the one. Thx!

Rootkit, Playstation Network hack, Baidu spyware, ... I want to believe in
Sony, and yet, this. :(

~~~
ameen
Sony isn't one monolithic behemoth. It's a conglomerate of various distinct
groups under a loosely coupled ownership.

Also, I fail to see how a push service is equated to any of those. They aren't
even related, PSN Hack occurred because of an unpatched vulnerability (an Ops
failure). Rootkit was DRM.

The latest Z3 series are wonderful phones, one of the best in the Android
ecosystem. That's what they should be judged on, not due to a poor choice of a
push service provider!

------
izacus
Can anyone explain why Chinese software like this is branded "spyware", while
Google Play and iCloud services aren't? Since it seems the difference is just
in the country that spies on me?

~~~
accurrent
Just American idiots round here, I've prototyped apps using Baidu push service
(the so called "spyware"). It's just another type of GCM except based in China.
GCM servers are at best unreliable in China thanks to censorship.

~~~
eklavya
Or maybe as an Indian I am concerned why my phone has to use Baidu at all,
when I am not using any service it provides and the fact that my data is being
sent to China without my knowledge?

~~~
romanovcode
I gotta ask, what difference does it make where your data is collected -
U.S., EU or China?

~~~
eklavya
I hold EU in very high regards, so far they have not betrayed humanitarian
values. China is a concealed demon, however bad you might think US is, China
is a hell of a lot more and the reason is simple: China is NOT a democracy. So
far the actions of both the countries align with this statement.

Also I know and agree that my data be collected by US/EU, I wasn't asked when
sharing my info to China.

------
SovietPriest
Funny so many people call this "spyware" while using smartphones with Google
apps/services that feed your data to the NSA. Priorities, people?

~~~
sleepyhead
The priority is to end companies spying. I agree that Google and NSA is a huge
issue too, and that debate has been going on for a long time.

------
keletappi
Reading the thread from the start, it seems that Baidu is used for pushing
content to MyXperia.

MyXperia is their service to let you remotely track or lock your
device. My guess is they are using Baidu's push service to send the commands
to the device.

So I'd say this is a poor choice of service provider from Sony - especially
for non-Chinese versions - but _probably_ harmless.

~~~
fulafel
At best, as harmless as Google's command & control channel to Android devices
(=not very).

------
valevk
If you are on your phone, open the site in Desktop mode.

~~~
samdroid
...Otherwise you will be made to sign up through a LONG and HORRIBLE sign up
process :O

------
tdsamardzhiev

      To sketch the magnitude of the problem: potentially, the Chinese government can:
      ...
      Prevent your device from entering sleep mode
      ...
    

Oh well I'm screwed.

~~~
zyx321
Well, that means the screen will not time out, and thus will not ask for a
password. Baidu has location access too, so there's an obvious attack vector
in disabling the screen time-out before sweeping in and confiscating the
device.

It's the least menacing item on that list, but that doesn't mean it's
completely harmless.

------
mappu
I don't think it has anything to do with Sony, the folder is created by lots
of apps - wechat, MIUI themes.
http://forum.xda-developers.com/showpost.php?p=55033304&postcount=26
suggests it's also created by ES File Explorer.

~~~
eklavya
It's happening for stock out of the box configs too. It has everything to do
with Sony.

------
kalleboo
I imagine the baidu folder is set up due to baidu search or social network
integration.

The connections to IP addresses have been seen on other phones so it's
probably some software people have installed:
http://forum.xda-developers.com/showthread.php?t=2509815

~~~
polack
Just unpacked my Sony Z3 compact, haven't installed a single app and it's
connecting to China... Needless to say, I will never use this phone or any
other Sony product ever again.

~~~
hkmurakami
I'm willing to give SCEI (the Playstation unit) the benefit of the doubt still
(despite their hacking scandal), but I'm surely done with Sony Mobile devices
for sure.

~~~
throwawayaway
The PlayStation unit that progressively dropped features from the PS3 you paid
top dollar for? You are too kind.

~~~
spacemanmatt
I was just glad that DRM got the name-and-shame it deserved every time Sony
revoked a feature via online software-downgrade. Now I hate my PS3 and only
use it for Amazon and YouTube. The games I paid full price for all have their
hand out for DLC. Bleah.

------
0942v8653
Samsung Android phones come with Google spyware?

Apple iPhone phones come with Apple iCloud spyware? Google search spyware?
Yahoo search spyware? Bing search spyware?

Microsoft Windows Phone phones come with Microsoft spyware?

It's the same stuff. At least China tells people what they do, instead of
leaving people with uncertainty and doubt.

~~~
sleepyhead
If you buy a phone from Apple it is implied that it will make connections to
Apple. To a certain degree of course. However I have not bought a Baidu phone
and have not given my consent to be tracked.

What is wrong with you people who nitpick in this thread? It is an invasion of
privacy and is being done without my consent. That is the important issue
here.

------
eklavya
OMG I saw that folder a while back on my phone and ignored it thinking some
Sony app uses it and it's included in case I set the phone language to
Chinese. But I never thought a Japanese company would be sending anything back
to a Chinese IP address!

------
pacific
My girlfriend recently bought an Xperia and a couple weeks later she received
a notice from Google that someone was blocked when trying to log into her
Gmail account from China. I wonder if there could be a connection.

~~~
theintern
It's extremely unlikely that the two are related. Account access attempts from
Chinese IP addresses are common for almost everyone on Gmail.

------
Zeebrommer
If I were to buy a new Sony phone, is there a way to stop this from happening?

~~~
hkmurakami
If it's the phone (Z3?) in question, it seems that an update that purges this
is incoming (though I wouldn't trust it until we have reports proving that
this is the case).

------
voltagex_
Has anyone reversed com.sonymobile.mx.android.apk yet?

~~~
philtar
I will if anyone can put the link up somewhere.

~~~
voltagex_
https://mega.co.nz/#!bcxjxKgA!_vRRYgQbzmGxTXkAnLRG2DNuR9HhNSJjB5kW84sl3q8
is a UK Z3 firmware, I'm working on extracting it with 7zip and unyaffs.
Unless someone wants to adb pull from their own Z series device.

------
silviorelli
This is the folder I found in my Xperia Z, latest stock firmware (Android
4.4.4) installed after a full wipe about a month ago. Files are mostly empty.
https://www.dropbox.com/s/ds1iyk5vffexrlx/baidu.zip.zip?dl=0

------
throwawayaway
Their music arm is much much more morally elastic:

https://www.scribd.com/doc/22131876/Underground-Resistance-vs-Sony-BMG-tobias-c-van-Veen

------
accurrent
libbd_push.so is Baidu's push notification service. Admittedly the fact they
have to use native libs is a bit shady however if you have a large Chinese
userbase then GCM isn't really an option.

------
nyboylx
I'm the owner of the new Sony Z3 and even before this new model, I had the
same Baidu folder in my older Sony Xperia S. I don't understand so many
talk-talk now and not before?

------
Bossman
The worst part is that it starts the service and connects to China without
your consent or making you aware of it. At least I can turn off Google sync
without any issues.

------
jdalgetty
This makes me sad, I just bought the Z3c.

------
abhishekmdb
In-depth analysis: Is Sony’s Xperia smartphone sending back data to China
through ‘Baidu’ folder backdoor?
http://www.techworm.net/2014/10/sonys-xperia-baidu-folder-autostarting-myxperia.html

