If you are using a Sony Xperia device running either Android 4.4.2 or 4.4.4 it’s advised (by me) that you install a custom ROM on your device. Several reports have appeared online that the stock firmware on these devices contains Baidu spyware that is discreetly sending data back to servers in China, you do not need to have installed any software on your phone as it’s bundled into the firmware.
With this spyware, a user named ‘Elbird’, on the Sony forums, claims that the Chinese Government can:
– Read status and identity of your device
– Make pictures and videos without your knowledge
– Get your exact location
– Read the contents of your USB memory
– Read or edit accounts
– Change security settings
– Completely manage your network access
– Couple with bluetooth devices
– Know what apps you’re using
– Prevent your device from entering sleep mode
– Change audio settings
– Change system settings
You can check to see if you have the spyware by using a file manager and checking for a folder called ‘Baidu’, some reports on Reddit also claim that their none Sony devices also have the folder so it’s worth making sure you’re not infected by checking your files. Some people have offered more complicated solutions to the problem by just blocking a service running on the device that creates the folder, but with this method it’s not safe to assume that your device will remain virus free so doing a clean ROM install is best.
Sony says that the problem will be fixed in Lollipop however Sony devices won’t get that release for a few months yet, the best course of action if you have an infected device is to research CyanogenMod to check if your device is supported, if it’s not then check the XDA forums for a ROM that does work on your phone.
Source: The Hacker News