It may not be a household name yet but UC Browser, owned by Chinese conglomerate Alibaba, has become one of the most downloaded browsers on Android devices this month. In fact, in terms of numbers, it’s the fourth biggest browser in the world right now, particularly in Asia. One of their main features is an incognito mode, which like other browsers that offer this too, you are promised privacy in terms of search and web browsing history. But according to some security researchers, this is not the case for this particular browser.
Forbes ran a story about security researcher Gabi Cirlig and his findings about the UC Browser which have also been verified by two other independent researchers. Basically, they discovered that every website that you visit on your phone using the browser plus your IP address will be sent to servers owned by UCWeb. Even if you’re in incognito mode, which supposedly will not send such information to anyone, your activity will still be sent to those servers which are controlled by Alibaba.
Each user is also assigned an ID number so it is possible that all your activities across different websites can be tracked and monitored by whoever owns those servers, which as far as we know is Alibaba. These servers were registered in China and also had the .cn domain extension but they are actually hosted in the US. At this point in time, we don’t know what they are doing with that data but Cirlig said it is disturbing that they can actually tie these activities to real persons.
He was able to make these findings by reverse engineering some of the encrypted data that he was able to see that were being sent back to Beijing. He was then able to see that every time he visited a website, it was still being encrypted and transmitted back to the servers that are presumably owned by Alibaba. An Argentina-based researcher, Nicolas Agnese, also validated the issues, particularly on iPhones which is supposedly more secure.
Of course this isn’t the first time that a Chinese company has been accused of tracking users. Both Xiaomi’s browser and Cheetah Mobile also have some privacy issues brought up against them. No word yet form Alibaba about this but users have now been warned.