I came in thinking that this was going to be about the Baidu IME Japanese language input (which caused quite a stir earlier this year iirc, for the same kind of logging and tracking -- though I think the information wasn't as extensive as this). Lo and behold, it's much worse than that.
Wasn't it Sony that installed some kind of spyware in its VAIO machines or its anti-piracy SW or something along those lines? When will they ever learn? And there will likely never be an explanation for what they were trying to do here.
They are already in a precarious position in the smartphone market with most of their sales coming from Japan (and Sony Ericsson becoming just Sony Mobile back in 2012). What were they going to do if shit really hit the fan and this went to mass media in Japan as the "Chinese spyware phone" given the tension between the two countries, especially given Japanese QE over the last 1.5+ years? Consumer sentiment is pretty irrational. I can easily see a situation where they get labeled as a "traitorous company" and a boycott starts, at least vs their mobile division. Shortsightedness at its finest.
I want to root for this company so badly yet every few years they do boneheaded things like this and make me utterly despise their stupidity.
edit: On further thought I bet this is created by some pre-installed default Baidu app that Sony QA didn't vet properly or didn't give a damn about. Or maybe QA found the folder + the connection to China, but it was quashed by management for "strategic reasons". The latter seems more likely, since the engineers I know at Sony (at least in SCEI) are pretty damn good.
Sony isn't one monolithic behemoth. It's a conglomerate of various distinct groups under a loosely coupled ownership.
Also, I fail to see how a push service is equated to any of those. They aren't even related, PSN Hack occurred because of an unpatched vulnerability (an Ops failure). Rootkit was DRM.
The latest Z3 series are wonderful phones, one of the best in the Android ecosystem. That's what they should be judged on, not due to a poor choice of a push service provider!
Can anyone explain why Chinese software like this is branded "spyware", while Google Play and iCloud services aren't? Since it seems the difference is just in the country that spys on me?
There is a bit more transparency when it comes to US and EU servers.
Issue with Chinese servers is that whole infrastructure is owned by government so they can track all info going through it without limits.
In US this is much more complicated.
Also since some time spy agencies around world were warning about those user informations sent back to China. They have their reasons but they wont reveal exactly what this is about since this would cause political cooling with China relations. Seems like something serious is going on there with all this data.
I agree from a stealing data point of view. However what is done to that data is a different matter. I don't think the US government cares about my data or other 'normal' users. I am afraid that the Chinese can exploit it though. Much more possible that some corrupt officials gives data to the Chinese mafia or have their secret hacker army do something to hurt a country they don't like.
Just american idiots round here, Ive prototyped apps using baidu push service (the so called "spyware"). Its just another type of gcm except based in china. GCM servers are at best unreliable in china thanks to censorship.
Or maybe as an Indian I am concerned why my phone has to use Baidu at all, when I am not using any service it provides and the fact that my data is being sent to China without my knowledge?
I hold EU in very high regards, so far they have not betrayed humanitarian values. China is a concealed demon, however bad you might think US is, China is a hell of a lot more and the reason is simple China is NOT a democracy. So far the actions of both the countries align with this statement.
Also I know and agree that my data be collected by US/EU, I wasn't asked when sharing my info to China.
OP here. European living in Asia. Any service that is tracking me without my consent is spyware. Regardless of the definition I am far more concern with being tracked by some Chinese company compared to a German company. So origin is important here.
Such as the U.S.? Are are you asserting that the U.S. is regulated? My guess is, every drug suspect prosecuted with parallel construction, every ISP, and everyone harassed at the border for their online activities would disagree.
I think the difference is with Google 'spyware' you actually DO opt in when you setup ypur phone for th first time. This app is loaded silently and without notification to the user.
I see your point. However there are many differences. For iOS and Android I have chosen those systems and thus to a certain degree accepted connections to Apple and Google. I have not however chosen to do anything with Baidu. Regardless I think anything that tracks you is spyware unless I have given it my consent to do so.
Reading the thread from the startt, it seems that Baidu is used for pushing content to MyXperia.
MyXperia is their service similar to let you can remotely track or lock your device. My guess is they are using Baidu's push service to send the commands to device.
So I'd say this is a poor choice of service provider from Sony - especially for non-Chinese versions - but _probably_ harmless.
Well, that means the screen will not time out, and thus will not ask for a password. Baidu has location access too, so there's an obvious attack vector in disabling the screen time-out before sweeping in and confiscating the device.
It's the least menacing item on that list, but that doesn't mean it's completely harmless.
Just unpacked my Sony Z3 compact, haven't installed a single app and its connecting to China... Needless to say, I will never use this phone or any other Sony product ever again.
Without taking a position on this particular case, I must observe that if you are going to boycott every company that has done something that allows some government to spy on customers, your list of vendors will be down to... I was going to say your local grocery shop, but thinking about it, they probably have a credit card reader, and I'd be astonished if there weren't at least some cases of governments tracking people via credit card purchases.
If they send data from my phone (potentially private information) to a foreign country without telling me, then I think its reasonable to boycott them. If I knew that my local grocery store sent my private information to china I would boycott them too. But I'm fairly convinced that they don't do that.
Eh, it's a push service. They aren't mining your information. It's used for their myXperia service, which is used to locate your device with a sound alert or display its position on a map. You can also erase data and/or lock your device if you lose it.[1]
Google, MS, Apple, Facebook and Twitter operate out a foreign county for most of us. At most they "tell" by way of click through agreements wherein you sign away your firstborn and then some, otherweise you are without smartphones and social media.
I'm willing to give SCEI (the Playstation unit) the benefit of the doubt still (despite their hacking scandal), but I'm surely done with Sony Mobile devices for sure.
I was just glad that DRM got the name-and-shame it deserved every time Sony revoked a feature via online software-downgrade. Now I hate my PS3 and only use it for Amazon and YouTube. The games I paid full price for all have their hand out for DLC. Bleah.
If you buy a phone from Apple it is implied that it will make connections to Apple. To a certain degree off course. However I have not bought a Baidu phone and have not given my consent to be tracked.
What is wrong with you people who nitpick in this thread. It is an invasion of privacy and is being done without my consent. That is the important issue here.
OMG I saw that folder a while back on my phone and ignored it thinking some sony app uses it and it's included in case I set the phone language to Chinese. But I never thought a Japanese company would be sending anything back to a Chinese IP address!
My girlfriend recently bought an Xperia and a couple weeks later she received a notice from google that someone was blocked when trying to log into her gmail account from China. I wonder if there could be a connection.
If it's the phone (Z3?) in question, it seems that an update that purges this is incoming (though I wouldn't trust it until we have reports proving that this is the case).
libbd_push.so is Baidu's push notification service. Admittedly the fact they have to use native libs is a bit shady however if you have a large chinese userbase then GCM isnt really an option.
I'm the owner of the new Sony Z3 and even before this new Model , I had the same Baidu folder in my older Sony Xperia S.
I don't understand so many talk-talk now and not before ?
The worst part is that it starts the service and connects to China without your consent or making you aware of it. At least I can turn off Google sync without any issues.
Wasn't it Sony that installed some kind of spyware in its VAIO machines or its anti-piracy SW or something along those lines? When will they ever learn? And there will likely never be an explanation for what they were trying to do here.
They are already in a precarious position in the smartphone market with most of their sales coming from Japan (and Sony Ericsson becoming just Sony Mobile back in 2012). What were they going to do if shit really hit the fan and this went to mass media in Japan as the "Chinese spyware phone" given the tension between the two countries, especially given Japanese QE over the last 1.5+ years? Consumer sentiment is pretty irrational. I can easily see a situation where they get labeled as a "traitorous company" and a boycott starts, at least vs their mobile division. Shortsightedness at its finest.
I want to root for this company so badly yet every few years they do boneheaded things like this and make me utterly despise their stupidity.
edit: On further thought I bet this is created by some pre-installed default Baidu app that Sony QA didn't vet properly or didn't give a damn about. Or maybe QA found the folder + the connection to China, but it was quashed by management for "strategic reasons". The latter seems more likely, since the engineers I know at Sony (at least in SCEI) are pretty damn good.