Saturday, 23 May 2015

UC Browser India most popular Mobile web browser, Found to Leak User Mobile Number and Other Personal Details

UC Browser, which is right now India’s most widely used mobile browser is leaking user’s data to a Chinese server. Owned by Alibaba, UC Browser has more than 500 million users in China and India; and in India, it is witnessing 300%+ year on year growth.

This scintillating security breach was shared by a Canadian technology research group called Citizen Lab. And interestingly, they were able to discover this massive leak when Canadian Broadcasting Corporation (CBC) asked them to investigate a document leaked by Edward Snowden, the celebrity whistleblower who rattled USA and is currently under asylum in Russia

This lack of encryption exposes information like user’s phone number, device number and location of the person to unethical hackers. “The transmission of this information “represents a privacy risk for users because it allows anyone with access to the data traffic to identify users and their devices, and collect their private search data,” the report said.

The security firm said that the privacy risk is that any personal data leaked through UC Browser could be used by governments or other third parties. It can use the user data for spamming and that’s a very serious matter. 

Shortly after the news was out, Alibaba issued a statement saying that the issue has been fixed and all users need to do is download a version update. “We have no evidence that any user information has been taken,” the company spokesperson told Reuters 

So if you are a User of UC Browser so Stop surfing & start Updating for a Hassle free Surfing 
"By leaking a large volume of fine-grained data points to multiple network operators, the UC Browser app is increasing the risks to its users that such data may be used against them by authorities, criminals, or other third parties," report said.

Key Findings of the Report
  • User data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version.
  • User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version.
  • User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).
  • Reason for concern: The transmission of personally identifiable information, geolocation data and search queries without encryption represents a privacy risk for users because it allows anyone with access to the data traffic to identify users and their devices, and collect their private search data.
Can Govt. Ban UC Browser ?

Govt. of India is finalizing their new FDI policy, keeping in mind the onslaught of Chinese companies into Indian market. And as per reports coming in, the new FDI policy has a provision to ban any Chinese company found to be spying or leaking user’s data into their country. Dont forget to share it.

Like us on Facebook For More Information on it. You can also Join Us On Google+ For Tech News
                           Like Us On Facebook, Celebrating 700+ Likes & 400000+ Visitor
                                                       & Do Subscribe-US For Our Newsletter