Baidu traced the mandatory access SDK or related bucket event

developers know almost said, from November 4th to 10 in the year, Baidu mobile assistant mandatory access to Baidu SDK, and access to the SDK must be connected to Baidu’s advertising alliance SDK.


technology news November 13th evening news, developers in the know said, from November 4th to November 10 during the day, Baidu mobile phone assistant mandatory access and access to the Baidu SDK, SDK must access Baidu advertising alliance SDK. However, the latest news, Baidu mobile assistant has abandoned the mandatory installation of SDK in November 11th.

there are those who broke the news, said last week, App issued a new version, upload to the market only when Baidu mobile assistant failed to audit, and received Baidu failed to review the cause of the message, the content is:

respected developers Hello, welcome to contact Baidu customer service center!

because there exist many malicious applications to take "upgrade", to avoid the Baidu review mechanism, push malicious behavior, serious damage to the interests of users, while the existing technology is temporarily unable to accurately judge whether they have the ability to upgrade their application, so the on-line App needs to access automatic update of SDK, to prevent malicious situation at present.

currently submitted version we will first be through, you will need to complete the audit submitted automatic updates from SDK and add in the current version by three days after this period, SDK has not updated the version we will be offline.

acceptable, please provide the package name, user ID audit.

thank you again for your support and understanding. If you have any questions, please reply directly to this email and we will answer it until you are satisfied.

Baidu said the move was related to the development of Baidu Android tool vulnerabilities, and later issued a statement and has been repaired, and now has been able to use normal.

It is reported that

, called the Baidu developer tool vulnerability refers to the last week was traced to the "back door", that Baidu offers a software development kit (SDK) was exposed to the existence of a backdoor, hackers can use this backdoor invasion user equipment. This SDK is used in thousands of Android applications. Trend Micro’s information security researchers said on Tuesday that the SDK was named Moplus. Although not publicly available, but this SDK is integrated into more than 14 thousand applications, of which only about 4000 applications for Baidu development.

straightforward, a serious threat to the SDK is that in Android device is root, the SDK allows the application of silent installation. This means that the user may not be able to install the device when it does not see any confirmation messages. In fact, Trend Micro researchers have discovered a worm that uses the back door to install applications that users don’t need. This malware named ANDROIDOS_WORMHOLE.H>

Leave a Reply

Your email address will not be published. Required fields are marked *