Posted on Oct 30 2014 - 12:53am by Anurag Kumar

Do you remember Xiaomi controversy where it was said that Mi3 was allegedly sending some data to Chinese servers and which was later explained by the Xiaomi officials; a very similar kind of case has been spotted on Sony Xperia devices. It is being found that a few Xperia handsets running android 4.4.2 and android 4.4.4 KitKat firmware have a folder named “baidu” in their internal memory which is not associated with any app and can’t be deleted.

It is believed that the issue is associated with the “myXperia” app which is a similar kind of service just like Android Device Manager. As soon as myXperia app is activated the folder is spotted in the device internal storage. The folder can’t be deleted as it is appearing again in the storage.

Baidu spyware found on a few Sony Xperia devices

How to look if you have this issue or not ? Activate myXperia app from Security settings of your device. Now go to internal storage folder and look for a folder named “baidu”, as shown in pic below.

Baidu spyware Xperia devices

The above folder “baidu” is seen pinging Chinese servers.

Sony China spying issue

Sony sending data to chinese servers via myXperia app

Is there anything for Concern ? Yes, May be.

To find out more in detail, Install this app OS Monitor from Play Store, Activate myXperia app on your device, try locating your device from PC. Open the OS Monitor app and then look for myXperia app check in connection tab the location where it is being pinged.

It is a reason of concern for many users that why the app is pinging to Chinese servers in the first place and as myXperia app has administrator rights of the device what data it is sending to those servers.

What Sony has to say on this issue ?

Sony Xperia support member has confirmed that this “baidu folder will be removed in future software updates for the phone. Until then users can delete it manually“.

Sony Baidu sypware found

Do we have this issue ?

We looked for similar kind of folder on our Xperia Z2 running stock android 4.4.2 firmware but fortunately there is no folder with such name. You can have a look at the pic below.

Baidu spyware found on a few Sony Xperia devices

What you can do now ?

Go to Security settings > Device Administrators > Uncheck myXperia app.

Deactivate myXperia from Security settings. You can’t disable it or remove it without rooting.

Possible Explanation of whole Issue and how to remove the Baidu folder ?

A user Radeon962 from OnePlus forums explains the issue as :

Baidu is basically Chinese Google. The Chinese government has control over censorship in the country. These two individual facts do not mean your data is being harvested. For those that are paranoid beyond my reasoning, I’ll provide instructions to block this without root at the end of the post. For everyone else, please read on.

Currently people are getting excited about the fact that the Z3/Z3c are pinging a server in China and creating a Baidu folder in the internal storage which contains a rather large database of information. This was discovered to be caused by the myXperia app. The service begins pinging the server as soon as the network connection returns a “true” state (meaning connected). This is when the Baidu folder is created, even if you deleted it previously.

The myXperia service provides you with various features specific to your device. One of those is remote wipe functionality. In order to do this, the service needs to maintain a rather frequent check in to the home server to verify location data and device state among other things. This needs to happen even if the device is factory reset, since it sends a unique device identifier to the server to validate against any known devices reported stolen. Factory resetting your device would otherwise prevent the thief from being discovered and would render the service nearly useless. This is why it runs all the time.

The problem most people have is that the servers Sony are using happen to be in China for two obvious reasons. One reason is the low cost. I don’t think further explanation is needed here. The other reason would be to ensure that Chinese citizens can still use the service as well, since this sort of service must be hosted in the Chinese mainland for them to have access to it under Chinese law. This is for censorship purposes.

Another issue people have with this is that the service runs at boot time even if you don’t enable the myXperia service. This happens for the reason I listed before. If the device is factory reset and it doesn’t phone home, then the thief simply gets away with it. This prevents that from happening as best as can be helped by running from the time of initial setup.

Perhaps the choice of monitoring partner was poor, but there seem to be valid reasons beyond “OMG SONY WANTS MY TIN FOIL HAT”. Perhaps there is a bit of truth to that, but I doubt that this is malicious or anything more than a misunderstanding by the general public.

So, with all that in mind, do you still wish to allow this service to run on your device? If not, here’s how you prevent it from giving you anymore headaches.

  1. Go ahead and backup anything you need and factory reset.
  2. Remove your SIM card before powering back up.
  3. Skip through the initial setup options without connecting to a network.
  4. Open up Settings > Apps > Running and Force Close the two myXperia apps.
  5. Use the File Commander app and delete the Baidu folder from the internal storage.
  6. Open up Settings > About Phone > Tap the Build Number 7 times to enable developer mode.
  7. Enable USB debugging in the Developer Settings.
  8. Plug the Z3/Z3c into your PC and open up a command window with adb.
  9. Enter the following lines into the command window.
    • adb shell
    • pm block com.sonymobile.mx.android
    • exit
    • reboot

NOTE : It is spotted that even HTC One M8, Nexus 5, OPO handsets also have similar kind of “baidu” folder on their device. Some users are saying that it is happening due to some launcher but some don’t agree to it.

We have tweeted to Sony about this matter, looking for a response now.

 

This is a very serious matter and Sony has to respond officially over this matter, we are hoping the company will come up with a proper satisfying answer. Collecting user data without permission is very unwanted and unethical.

Source – Sony Talk Forums | Hacker News | OnePlus Forum | XDA






About the Author

Blogging as a hobby. Sales & Marketing Professional. MBA (IB) from IIFT Delhi (2015-17). Founder & Editor-in-Chief of GizmoBolt.com ( formerly XperiaGuide.com ) & TipsySafarnama.com. Follow at Facebook I Twitter I Google Plus | LinkedIn | Instagram. Contact at [email protected] for feedback and sending tips. Donate Us.

8 Comments so far. Feel free to join this conversation.

  1. a2 October 30, 2014 at 7:42 am - Reply

    I am having it too on my Xperia SP 4.3. BTW which is the second app in the screenshots?

  2. babu bd October 30, 2014 at 11:56 am - Reply

    thanks for this information

  3. Hitesh Pande October 30, 2014 at 12:48 pm - Reply

    Hi,
    I have already moved from zl to nexus 5. i guess its innocuous mistake which is blown out of proportion.I saw digest folder also in your image file. whats that?

    • Anurag Kumar October 30, 2014 at 7:24 pm - Reply

      that is because of one of apps’ folder.

  4. Akshiv Kumar October 30, 2014 at 7:44 pm - Reply

    Yes its coming on my phone xperia c3 dual also

  5. jagrat October 31, 2014 at 8:50 pm - Reply

    Yes exactly right. I saw when I flashed a Taiwan firmware. I got a Baidu folder. I deleted it for 100 times but it redrawn. And my “my Xperia” app eat ram 120mb so I rooted my phone and blocked app “my Xperia”. Thanks for reporting but Sony need “chullu bhar paani mein doob marna chahiye” I Dont know what it we say in english l.

  6. jagrat joshi October 31, 2014 at 9:02 pm - Reply

    Yes I also have Xperia zr. I got it after flashing 4.4.4 Taiwan. And after getting I deleted it 100 time but it redrawn. I also noticed that “my Xperia” app eats 100+mb ram. So I rooted and freez “my Xperia ” app. Sony needs “chullu bhar pani mein doob marna chahiye” don’t know what it say in english.

Leave A Response

*