Private web surfing on the Alibaba-owned UC Browser app on Android and iOS isn’t that private as you thought.
Security researchers have revealed that UC Browser has been harvesting user browsing data both when browsing normal and in incognito mode which is sent to servers owned by UCWeb.
The research done by Gabi and validated by Andrew reports that data such as usage logs including detailed information of browsed URLs and searched terms, device details and other sensitive information like IP addresses which could be used to find a user’s rough location down to the town or neighbourhood of the user – were also being sent to China-registered Alibaba-controlled servers.
Data being collected even when on incognito mode:
- Unique serial number of the device (internal to UCWeb)
- Exact timestamp of when the navigation event happened
- Complex geolocation data such as neighbourhood and town
- IMEI and MAC of the device (seems to be left blank for the moment though)
Each user is given an ID that means their browsing data could be monitored across different websites.
The researchers found out that there was a lot of of pingbacks to the Alibaba servers even when the browser was used in incognito mode.
The report adds that it’s unknown what Alibaba and its subsidiaries are doing with the data they are collecting.
UCBrowser app advertised that its incognito mode is private and secure and this research reveals that is not true.
The English iOS app has since been removed from the Apple App Store while the Chinese iOS app version is still on the App Store. It’s Android version is still up on the Google Play Store.
It’s imperative to go delete them and download browser apps that put your privacy first. Here are some of them.
Articles in this stream
Here’s how to protect your privacy and stay secure on: