A security researcher has found that UC Browser sends records of visitors’ activity to its servers, even when they are using incognito mode.
Alibaba subsidiary UCWeb developed the UC Browser, which is reportedly popular across numerous parts of the world. In fact, it has over 500 million downloads on the Google Play Store alone.
Based on data from StatCounter, UC Browser has the 4th largest userbase when it comes to mobile browsers.
Researchers Gabi Cirlig and two other independent security researchers from Forbes verified that the aforementioned issues with UC Browser exist.
- Android shares 20x more data to Google than iOS to Apple, study finds
- Google has to deal with incognito mode tracking lawsuit, judge rules
According to Cirlig, UC Browser is exhibiting suspicious behavior and he noticed this after reverse engineering encrypted data sent back to UC Browser’s servers. As a result of his experiment, he was able to prove that every time he visited a web page, UC Browser encrypts and transmits information about the visit to its servers.
The security researcher is good at spotting irregular activities by Chinese-made browsers. He was also the one who found out that Xiaomi’s mobile browser is recording and harvesting browsing activities even in incognito mode. Xiaomi later explained their side, addressing the concerns of the tech community.
But what’s really bothering about the UC Browser case is they also get the user’s IP address. In addition, a unique ID number is also being assigned to each user, which is possibly used to track their online activities across the web.
It’s not clear yet what Alibaba’s subsidiary is doing with the data, but Cirlig says “this kind of tracking is done on purpose without any regard for user privacy.”
The UC Browser for iOS has been pulled out of Apple’s app store, but it’s still available for download on Android’s Play Store.