Be Alert: UC Browser For Android isn’t as secure as we think

Posted by

uc-browser

A group researchers called Citizen Lab, at the request of the Canadian Broadcasting Corporation (CBC) did some tests on the English and the Chinese variants of UC Browser (April and March versions for 2015), and these were their findings:

  • Both versions of the app transmitted PII (Personally Identifiable Information) in plain text or encryption that can easily be broken.
  • The Chinese version of the app retains user browsing information even after clearing app cache.
  • ┬áIMSI (international mobile subscriber identity), IMEI (International Mobile Station Equipment Identity), Android ID and MAC address of user devices were sent openly to an Umeng analytics tool from Alibaba. (Alibaba owns UC Browser).
  • The browser delivers this data while in idle state, with the user having to just launch the app on his or her device for this to happen.

In a situation like this, intercepted traffic from a user of UC Browser could be used to identify the user, see their browsing habits, and such a person could be prone to cyber attacks. Word was sent to UC Browser and some of the issues were fixed in a recent update, though some are still lingering.

What does this tell you? Know the kind of transactions you do with UC Browser. Still rocking it as my favorite download app though.

Source

>

6 comments

  1. I have always known this for a while.

    You launch UC browser. and something gets transmitted immediately.

    You can tell this if you have a data counter installed to monitor web activity.

    But, eh, I don’t care.. it’s also my favorite download app, and the best bet when network is crappy.

  2. I too don’t care. UC is simply the fastest for downloads!

    AND, unlike Opera Mini, it renders most interactive pages well, while still saving data.

  3. Well, it seems the security risks attached to using the Chinese version are greater compared to using the English version. Hope the problem gets resolved cuz it’s still my favourite browser. Besides, I don’t think the other mobile browsers have been so seriously scrutinized. Who’s to say they don’t have their own security woes.

  4. True,my Mobiwall Firewall App is always showing the d@mn thing trying to access my data all the time,I had to block it from using background data..

    1. You use mobiwol? I used that app for sometime but realized that it also contributes to unwanted data consumption. Well, maybe you’re OK with the app but I wouldn’t recommend it to anyone.

Have Your Say

Your email address will not be published. Required fields are marked *

Discussions are moderated for civility