Massive security vulnerabilities discovered in popular UC Browser

Alibaba-owned UC Browser is an extremely popular mobile surfing solution in Asia, but it has now become the subject of a major controversy owing to the fact that it has been found to be leaking sensitive data of users. Citizen Lab, an interdisciplinary lab based at the University of Toronto has brought forth this information.

It has uncovered that both the Chinese as well as English versions of UC Browser application are capable of transmitting user data while in use. They can apparently leak personal information about the user to either the network operator or any attacker.

UC Browser

This information can range from cellular subscriber details, geo-location data, search queries, IMSI, IMEI, Android ID, mobile device identifiers and more. After finding this out in April, the researchers at Citizen Lab submitted the report to Alibaba and UCWeb.

Both the parties responded to this by saying that their security engineers had begun working on fixing the problems of UC Browser. Despite the releases of new versions of the app after that, when Citizen Lab again decided to test the utility, some discrepancies were again found in it.

Also See: UC Browser and Facebook partner to offer real-time notifications in India

The researchers did in fact come to the conclusion the new version of the Chinese UC Browser no longer sent location data insecurely to AMAP, but they also found out that it still has problems with insecure data transmission to the Umeng component and its search queries are still lacking encryption. It’s hence that Citizn Lab has decided to make the report public.

It’s hence advised that those who’re using UC Browser at the moment and are worried about leaking of their sensitive information, should stop using the app on their devices.