UC Browser, India’s Most Popular Mobile Browser, Accused Of Leaking User Data to Chinese Servers

UC Browser, which is right now India’s most widely used mobile browser (as per StatCounter) is accused of leaking user’s data to a Chinese server. Owned by Alibaba, UC Browser has more than 500 million users in China and India; and in India, it is witnessing 300%+ year on year growth.

This scintillating security breach was shared by a Canadian technology research group called Citizen Lab. And interestingly, they were able to discover this massive leak when Canadian Broadcasting Corporation (CBC) asked them to investigate a document leaked by Edward Snowden, the celebrity whistleblower who rattled USA and is currently under asylum in Russia.

CBC is Canada’s national public radio and television broadcaster and considering that they requested Citizen Lab to find out the truth behind the leaked data from UC Browser, it holds immense significance and importance.

Alibaba bought UC browser in 2014, by reportedly paying approximately between $1.9 billion and $2 billion. Currently, UC Web, the company which created UC Browser manages Alibaba’s browser, mobile search, location-based services, mobile gaming, app store and mobile reader operations.

UC Browser most popular in India (Statcounter)

Key Findings of the Report

– Crucial user data such as IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to an analytics tool based in China called Umeng; which is owned by Alibaba.

– AMAP, a mapping tool developed by Alibaba receives user’s geological data such as longitude/latitude and address.

– Shenma, which a mobile search engine developed by UC Browser and Alibaba receives all search queries conducted by the user on Google or Yahoo. And this data is not encrypted, which means that anyone, including Chinese Govt. can intercept this data and make good use of the same.

– AMAP, the Alibaba mapping tool receives unencrypted data of the user such as location, total usage of mobile internet, data about nearest mobile tower, WiFi access locations, IP address etc.

– When Chinese users of UC Browser attempt to delete their usage history, the DNS data is not deleted and its saved permanently in some remote Chinese servers. We can assume the same with Indian users as well.

Considering that a typical user searches more on mobile along with surfing and storing crucial data related wit financial management, official usage and personal usage, this is indeed a scary situation.

[divider]

Update: The relevant people from UC Browser have got in touch with us and given a statement that, “If you go over the Citizen Lab report, you’ll read stuff like ‘The English version of the browser’s only issue is it hasn’t used search query encryption’. This has nothing to do with what the headline suggests ‘Leaking User Data to Chinese Servers’. All data would be stored on Chinese servers only if it is Chinese version of the browser. For international versions, data would only stored in local countries.”

[divider]

Can Govt. Ban UC Browser & Alibaba?

Govt. of India is finalizing their new FDI policy, keeping in mind the onslaught of Chinese companies into Indian market. And as per reports coming in, the new FDI policy has a provision to ban any Chinese company found to be spying or leaking user’s data into their country.

Although the new FDI policy is still under works, this case of UC Browser leaking sensitive user’s data and sending them to Chinese servers can become a classical case of such an incident.

This new FDI policy also prohibits Chinese firms from establishing their manufacturing units or offices near border areas, and makes it compulsory to hire more Indian employees.

We will keep you updated as more information comes in regarding the data leak controversy by UC Browser.

In case you are using this on your mobile phones, we will suggest you take precaution and be alert, and best would be to not use it till things are clarified.