Major security and privacy issues in UC browser: Study

Reported by Dr. Sisira Raj 15

Follow Us

A study conducted by a Toronto-based research lab on UC Browsers, a popular mobile web browser, finds major security and privacy issues in the English language and Chinese language editions its Android version. The study found that both versions of the application leak a significant amount of personal and personally identifiable data; as a result, any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries) through trivial decrypting of traffic or by observing unencrypted traffic.

UC-Browser-1-595000




The study was conducted by Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security.

The major findings in the study includes user data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version. User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version. User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).

“The transmission of personally identifiable information, geolocation data and search queries without encryption represents a privacy risk for users because it allows anyone with access to the data traffic to identify users and their devices, and collect their private search data,” the study says.

In the Chinese language version, when users attempt to delete their private data by clearing the application’s cache their DNS lookups are not deleted. “The cached record of DNS lookup data would allow for a third party with access to the device to identify the websites that a user visited,” the study warns.

Which is your prefered mobile browser do let us know via comments?

Reported By

Sisira is presently working as a Medical Officer with a leading lifestyle hospital. If not on duty, you may find her in nearby tea shop eating her favourite green shell mussel dishes

Related Posts

Editors Pick

Minimum Mandatory Smartphone Usage Etiquette That You Need to Know

  • Have a breaking news, inside story, scoop?

    Write to us, your anonymity is our priority at news [at] telecomtalk.info

  • Want to be featured on TelecomTalk?

    Send us your articles, stories, suggestions, feedback at news [at] telecomtalk.info

PAN INDIA SPECTRUM DETAILS

India Spectrum Holding Timeline 2024

Search

Telecommunication Frequency Bands

India Spectrum Holding Timeline 2024

DTH Satellites in India

A handy guide to Satellites used for broadcasting DTH signals in India

Recent Comments

Faraz :

Glad no such thing in Jio.

Vodafone Idea Restores Services After Brief Outage in Delhi NCR

Abhijith :

Finally took risk with only bsnl around Kerala for past 2days in train till Thrissur . Felt much better than…

Telecom Drive Tests Reveal Airtel, Jio Lead in Network Quality…

Shivraj Roy :

Woh sab toh thik haiBut Tamil Nadu Kaisa jaenge bhai?

Vodafone Idea Restores Services After Brief Outage in Delhi NCR

Shivraj Roy :

Bhai its India Youtube pe jhoote videos nahi banaenge toh kaam kaisa chalega Literally fake ,lies ,clickbait and stolen videos…

Vodafone Idea Restores Services After Brief Outage in Delhi NCR

Shivraj Roy :

Sadly there is no way out Even if you keep the phone screen off ,they would send SMS and remind…

Vodafone Idea Restores Services After Brief Outage in Delhi NCR

Load More

CATEGORIES

Expert Opinion

Subscribe
Notify of
guest
15 Comments
newest
oldest most voted
Inline Feedbacks
View all comments