UC Web Browser Suspected of Storing User Data

By abdul azis hartadi

UC owned by tech giant Alibaba

At this month's update, the Browser, available on both Google's Play Store and Apple's iOS Apps Store, will offer users an “Incognito” mode. This browsing mode ensures no browsing history is recorded except for downloads.

 
Uc browser security in doubt


UC Web Browser is one of the most popular browser applications in the world. Google Play Store data alone has reached 500 million downloads. Therefore UC Web is entering a large number of users of search engine applications.

UC Web Is Not Safe for Privacy

UC Web's claims of protecting user privacy have been proven false. Security researcher Gabi Cirlig, along with two other researchers, discovered that UC Web sends user data in both normal and incognito modes to servers with identities from China (playing .cn), despite the server hosting being in the US.

Cirlig uncovered the issue by reverse-engineering encrypted data sent to Beijing.

Having hacked the key, he can now see the data transmitted every time he visits the website. The data is encrypted and then sent back to Alibaba. In Apple's iOS, encryption is not necessary because the data is not stored on the device (although it is encrypted during transmission).

In April, The Information reported that Alibaba's $600 billion market is worried about Apple's App Tracking Transparency feature, which allows users to block app tracking.

Alibaba's business profits from ads that heavily rely on user data. Consequently, one of its most popular mobile apps can no longer be accessed through Apple's App Store. This is one of the initial indications that Apple's uncompromising approach to privacy is posing considerable challenges for firms such as Alibaba.

Updates After Indicated

It's not just Chinese tech giants found tracking users. The problem at UC Web Browser is no different from the one discovered by Cirlig last year. When he reviewed the security of Xiaomi's browser, the default app for web searches on the Chinese giant's phones.

It does the same, recording every website the user visits, even when the user is in incognito mode.

Although it denies the researchers' findings. App developers are issuing an update that allows users to opt out of what they perceive as anonymized aggregate data collection.

The news comes just after Cirlig discovered another Chinese app developer Cheetah Mobile. The app, which is listed on the New York Stock Exchange, has a security app with a “private” browser that collects information. Inform about internet usage and the name of Wi-Fi access points, among other data.

Cheetah says it needs data to help ensure users don't visit malicious websites and apps are working properly.