Recently, news broke out that Sony Xperia smartphones were spying on users. The issue was related to the presence of a ‘Baidu’ folder on the Xperia series phone and that this folder could not be deleted, even with admin privileges.
Furthermore, the folder was connecting regularly to servers in China, even on new smartphones just out of the box. While it soon became clear that the MyXperia app was responsible for the folder, it wasn’t clear what data was being sent back.
Now Sony has come out and categorically stated that nothing fishy is going on. There is no transmission of data to Baidu and Xperia smartphones are simply connecting to the Baidu Push Notification framework, which is one of the largest in China.
What’s happening is that the MyXperia app initializes Google Cloud Messaging and Baidu Push Notification framework regardless of where a user is located. This means the phone connects to servers in China which comes off as suspicious.
Honestly, we’re just surprised at the oversight. Software for Chinese customers should not be deployed in global editions of a smartphone. Sony has already been in hot water in recent times with the installation of un-removable rootkits on user PC’s to track user listening habits and this is something that might hurt the reputation of the company.
If you’re still concerned, Sony has stated that updates are on their way which will remove the Baidu Push Notifications for people not in regions that utilize the framework. Here is the detailed response from a Sony representative:
“I’ve had some further feedback from the guys in our development team. I can confirm that Xperia phones don’t store any user data for transmission to Baidu.
The MyXperia app supports both Google Cloud Messaging service and the Baidu Push Notification framework, as do many third party apps, to make sure we can support our China customers as well as those in the rest of the world. Both get automatically initialised when you first activate MyXperia.
The IP activity you are seeing is just linked to Baidu’s push notification system, which is an expected behaviour for this application.
Future updates of MyXperia will be optimised so the Baidu Push Notification framework is only initialized in Mainland China variants of Xperia devices.
But as these services are common standards in the industry, other 3rd party applications may also include Baidu Push Notifications or other Baidu services, resulting in the Baidu folder being shared between such applications. Sony Mobile fully reassures all its customers that MyXperia uses a push notification system and does not store any user data for transmission to Baidu.”