A group researchers called Citizen Lab, at the request of the Canadian Broadcasting Corporation (CBC) did some tests on the English and the Chinese variants of UC Browser (April and March versions for 2015), and these were their findings:
- Both versions of the app transmitted PII (Personally Identifiable Information) in plain text or encryption that can easily be broken.
- The Chinese version of the app retains user browsing information even after clearing app cache.
- IMSI (international mobile subscriber identity), IMEI (International Mobile Station Equipment Identity), Android ID and MAC address of user devices were sent openly to an Umeng analytics tool from Alibaba. (Alibaba owns UC Browser).
- The browser delivers this data while in idle state, with the user having to just launch the app on his or her device for this to happen.
In a situation like this, intercepted traffic from a user of UC Browser could be used to identify the user, see their browsing habits, and such a person could be prone to cyber attacks. Word was sent to UC Browser and some of the issues were fixed in a recent update, though some are still lingering.
What does this tell you? Know the kind of transactions you do with UC Browser. Still rocking it as my favorite download app though.