Over the last week there has been a rash of reports that folders with labels mentioning the Chinese search engine Baidu have been appearing on phones. The most obvious and prominent examples have been Sony's new Xperia Z3 series of phones and others running KitKat. Many users (and media outlets) jumped to the conclusion that these files were evidence of spyware, perhaps bolstered by recent and more credible reports of digital spying and hacking linked to the Chinese government.
Screenshot credit: Sony Mobile forum poster "Iggyjp"
There were some rather disturbing properties of these files; the "Baidu" folder couldn't be deleted by non-root users (or it simply kept reappearing) and sniffing network activity showed that these phones were pinging servers in China.
Sony Mobile has officially answered concerned users with a less alarming explanation. "Rickard," a vetted Sony employee posting on Sony's official support forum, explains that the MyXperia app uses both the Google Cloud Messaging Service and the Baidu Push Notification framework in order for Sony's proprietary software to work in China, where Google and Baidu services are more or less mutually exclusive. The network activity is pinging the Baidu Push Notification system, and according to Rickard, no user data is being transmitted to mainland China from Sony-made apps.
While you only have Sony's word for that, any regular Android user who dives into his or her phone's file system will know that randomly-named folders and data files tend to appear on the /sdcard partition. Android apps tend to treat it as a sort of random dump for non-critical files. Sony support says that to avoid this confusion in the future, the MyXperia app will be updated and won't ping Baidu's push system on devices sold outside of mainland China, though other third-party apps may have a similar result.