Do you remember Xiaomi controversy where it was said that Mi3 was allegedly sending some data to Chinese servers and which was later explained by the Xiaomi officials; a very similar kind of case has been spotted on Sony Xperia devices. It is being found that a few Xperia handsets running android 4.4.2 and android 4.4.4 KitKat firmware have a folder named “baidu” in their internal memory which is not associated with any app and can’t be deleted.
It is believed that the issue is associated with the “myXperia” app which is a similar kind of service just like Android Device Manager. As soon as myXperia app is activated the folder is spotted in the device internal storage. The folder can’t be deleted as it is appearing again in the storage.
Baidu spyware found on a few Sony Xperia devices
How to look if you have this issue or not ? Activate myXperia app from Security settings of your device. Now go to internal storage folder and look for a folder named “baidu”, as shown in pic below.
The above folder “baidu” is seen pinging Chinese servers.
Is there anything for Concern ? Yes, May be.
To find out more in detail, Install this app OS Monitor from Play Store, Activate myXperia app on your device, try locating your device from PC. Open the OS Monitor app and then look for myXperia app check in connection tab the location where it is being pinged.
It is a reason of concern for many users that why the app is pinging to Chinese servers in the first place and as myXperia app has administrator rights of the device what data it is sending to those servers.
What Sony has to say on this issue ?
Sony Xperia support member has confirmed that this “baidu folder will be removed in future software updates for the phone. Until then users can delete it manually“.
Do we have this issue ?
We looked for similar kind of folder on our Xperia Z2 running stock android 4.4.2 firmware but fortunately there is no folder with such name. You can have a look at the pic below.
What you can do now ?
Go to Security settings > Device Administrators > Uncheck myXperia app.
Deactivate myXperia from Security settings. You can’t disable it or remove it without rooting.
Possible Explanation of whole Issue and how to remove the Baidu folder ?
A user Radeon962 from OnePlus forums explains the issue as :
Baidu is basically Chinese Google. The Chinese government has control over censorship in the country. These two individual facts do not mean your data is being harvested. For those that are paranoid beyond my reasoning, I’ll provide instructions to block this without root at the end of the post. For everyone else, please read on.
Currently people are getting excited about the fact that the Z3/Z3c are pinging a server in China and creating a Baidu folder in the internal storage which contains a rather large database of information. This was discovered to be caused by the myXperia app. The service begins pinging the server as soon as the network connection returns a “true” state (meaning connected). This is when the Baidu folder is created, even if you deleted it previously.
The myXperia service provides you with various features specific to your device. One of those is remote wipe functionality. In order to do this, the service needs to maintain a rather frequent check in to the home server to verify location data and device state among other things. This needs to happen even if the device is factory reset, since it sends a unique device identifier to the server to validate against any known devices reported stolen. Factory resetting your device would otherwise prevent the thief from being discovered and would render the service nearly useless. This is why it runs all the time.
The problem most people have is that the servers Sony are using happen to be in China for two obvious reasons. One reason is the low cost. I don’t think further explanation is needed here. The other reason would be to ensure that Chinese citizens can still use the service as well, since this sort of service must be hosted in the Chinese mainland for them to have access to it under Chinese law. This is for censorship purposes.
Another issue people have with this is that the service runs at boot time even if you don’t enable the myXperia service. This happens for the reason I listed before. If the device is factory reset and it doesn’t phone home, then the thief simply gets away with it. This prevents that from happening as best as can be helped by running from the time of initial setup.
Perhaps the choice of monitoring partner was poor, but there seem to be valid reasons beyond “OMG SONY WANTS MY TIN FOIL HAT”. Perhaps there is a bit of truth to that, but I doubt that this is malicious or anything more than a misunderstanding by the general public.
So, with all that in mind, do you still wish to allow this service to run on your device? If not, here’s how you prevent it from giving you anymore headaches.
- Go ahead and backup anything you need and factory reset.
- Remove your SIM card before powering back up.
- Skip through the initial setup options without connecting to a network.
- Open up Settings > Apps > Running and Force Close the two myXperia apps.
- Use the File Commander app and delete the Baidu folder from the internal storage.
- Open up Settings > About Phone > Tap the Build Number 7 times to enable developer mode.
- Enable USB debugging in the Developer Settings.
- Plug the Z3/Z3c into your PC and open up a command window with adb.
- Enter the following lines into the command window.
- adb shell
- pm block com.sonymobile.mx.android
NOTE : It is spotted that even HTC One M8, Nexus 5, OPO handsets also have similar kind of “baidu” folder on their device. Some users are saying that it is happening due to some launcher but some don’t agree to it.
We have tweeted to Sony about this matter, looking for a response now.
This is a very serious matter and Sony has to respond officially over this matter, we are hoping the company will come up with a proper satisfying answer. Collecting user data without permission is very unwanted and unethical.
Source – Sony Talk Forums | Hacker News | OnePlus Forum | XDA