Baidu isn’t a household name in the U.S., but the Chinese company is a giant in its home country. Unfortunately, it turns out that the firm might have a pretty big issue when it comes to user privacy and security, according to a new report from Citizen Lab.
Specifically, Baidu’s web browser for Windows and Android has allegedly been leaking a ton of information, either by encrypting it poorly or failing to encrypt it at all. That includes the user’s GPS location, search terms, sites they visited, nearby Wi-Fi networks and their phone’s unique IMEI number.
The report also found that Baidu’s browser is vulnerable to hackers using a man-in-the-middle style attack though the company has already fixed this problem. Unfortunately, that doesn’t seem to be the case for the rest of these issues.
Citizen Lab waited to release this information so Baidu would have time to fix the issues, but it says the company hasn’t made many changes. The group claims that Baidu’s browser is still leaking sensitive user data.
In response, Baidu argues that its data is all stored in special centers with “state-of-the-art security.” The company added that it is beefing up its security, and admitted that it legally shares some “non-sensitive” user data with third-party companies.