Major security and privacy issues in UC browser: Study

By May 23rd, 2015 AT 1:40 PM

A study conducted by a Toronto-based research lab on UC Browsers, a popular mobile web browser, finds major security and privacy issues in the English language and Chinese language editions its Android version. The study found that both versions of the application leak a significant amount of personal and personally identifiable data; as a result, any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries) through trivial decrypting of traffic or by observing unencrypted traffic.

UC-Browser-1-595000

The study was conducted by Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security.

The major findings in the study includes user data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version. User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version. User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).

“The transmission of personally identifiable information, geolocation data and search queries without encryption represents a privacy risk for users because it allows anyone with access to the data traffic to identify users and their devices, and collect their private search data,” the study says.

In the Chinese language version, when users attempt to delete their private data by clearing the application’s cache their DNS lookups are not deleted. “The cached record of DNS lookup data would allow for a third party with access to the device to identify the websites that a user visited,” the study warns.

Which is your prefered mobile browser do let us know via comments?

Sisira is presently working as a Medical Officer with a leading lifestyle hospital. If not on duty, you may find her in nearby tea shop eating her favourite green shell mussel dishes

15
Leave a Reply

avatar
Photo and Image Files
 
 
 
5 Comment threads
10 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
10 Comment authors
HC Tech ByteSudhakarRanajitSunnymanu Recent comment authors
newest oldest most voted
Sudhakar
Sudhakar

I am using FIREFOX 38.0.1 and the default mobile browser of my G3 mobile. I use kaspersky mobile security now. I will switch over to K7 mobile security in July 2015 end.

Ranajit
Ranajit

Is blackberry native browser secure or not.

manu
manu

It is true that Chinese applications can not be trusted as we trust others. I use uc browser but when I have to make payments or transmit important data, I will switch to Chrome.

Sudhakar
Sudhakar

What about firefox?. Your feedback?.

Recent Posts

Reliance Jio Media Suggests Keeping Rs 18 Crore as Minimum Net Worth Requirement for MSOs to Trai

Last when we reported development about this, the Telecom Regulatory Authority of India (Trai) was ideating on the likely net...

Nothing Fresh to Add to the Indian Government’s Demand to Trace Messages: WhatsApp

Facebook-owned WhatsApp on Tuesday said it has nothing fresh to add to the Indian government’s demand to trace the origin...

Dish NXT HD Set-Top Box by Dish TV Now Available for Rs 1,590 After a Slight Price Drop

After the introduction of the new tariff regime by the Telecom Regulatory Authority of India (Trai), the playing field in...