Vulnerable shared Baidu development kit creates privacy issues and security leaks for Baidu-browser:https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/Again in this report we see the cooperation with "ClownFlare's halfbaked-SSL" negatively being reported:
In July 2014, Baidu formed a partnership with U.S.-based Internet traffic management company CloudFlare, creating a service that leverages Baidu’s Chinese data centres with CloudFlare’s traffic management services to increase traffic speeds across China’s border. The service, called Baidu Yunjiasu (百度云加速) or “Cloud acceleration,” is primarily targeted at businesses seeking to speed up the flow of traffic across China’s inefficient, censorship-heavy network. Part 2 of our analysis below describes a feature of Baidu Browser that proxies traffic to certain websites hosted outside of China to improve performance.
More important is it to mention the vulnerable apps using Baidu Analytics SDK:
ES File Explorer File Manager [com.estrongs.android.pop]
Photo Wonder-Collage Maker [cn.jingling.motu.photowonder]
Azar-Video Chat & Call, Messenger [com.azarlive.android]
ES Task Manager (Task Killer) [com.estrongs.android.taskmanager]
???PPS [tv.pps.mobile]
Meipai [com.meitu.meipaimv]
? [com.baidu.BaiduMap]
? [com.baidu.searchbox]
Well File Manager [com.fihtdc.filemanager]
SingPlay: Karaoke your MP3s [com.nexstreaming.app.singplay]
Kwai, the best short video App [com.smile.gifmaker]
Mydol (STAR LOCKSCREEN) [com.wacompany.mydol]
Speedometer GPS [luo.speedometergps]
ES App Locker [com.estrongs.locker]
??HD [com.qiyi.video.pad]
polonus