Popular Alibaba-owned app UC Browser caught monitoring user browsing data

Posted:
in iOS edited June 2021
UC Browser, a popular web browser developed by Alibaba subsidiary UCWeb, was found to be tracking user habits on both iOS and Android, and sending the data back to company servers.

UC Browser


The behavior was discovered by security researcher Gabi Cirlig, who determined the app logs every website a user visits, as well as IP address information, and sends that data to servers owned by UCWeb, reports Forbes. Information continues to be collected while in incognito mode.

UC Browser also assigns identification numbers to users, a tactic that could be used to track online behavior.

"This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post.

Compared to other major browsers, Cirlig described UC Browser's activity as "getting the URLs, putting them in a briefcase and running away with them," the report said. Google's Chrome, for example, does not collect browsing history, cookies and site data, or information entered in forms, according to the search giant.

While exact usage figures are unknown, UC Browser boasts more than 500 million downloads on Android and is considered by one analysis to be the fourth most-used browser in the world thanks to a large following in Asia. As reported by The Wall Street Journal, it was one of the most popular browsers in India prior to that country's ban on certain Chinese apps.

Word of the intrusive app arrives after a report in April claimed Alibaba has become increasingly concerned over Apple's App Tracking Transparency rules, which restrict access to users' Identifier for Advertisers (IDFA) tags. Advertising accounts for a sizable portion of Alibaba's bottom line, with $30 billion in annual revenue -- about 40% of total revenue -- generated from ad serving activities.

UCWeb held off on submitting an updated UC Browser to the App Store until last week, when Apple developer guidelines forced the company to reveal that its app tracked users via unique identifiers and search histories. The browsing monitoring program discovered by Cirlig was not disclosed in UC Browser's App Store notes, the report said.

Interestingly, the English-language version of UC Browser was recently pulled from the App Store, though a Chinese-language version remains.

Follow all the details of WWDC 2021 with the comprehensive AppleInsider coverage of the whole week-long event from June 7 through June 11, including details of all the new launches and updates.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

Comments

  • Reply 1 of 5
    nlrznlrz Posts: 10member
    The fact that Alibaba pulled the English version of the app from the AppStore shows that Alibaba is aware that people don't like to be tracked as opposed to just playing dumb.

    I'm surprised the AppStore rating for the Chinese version is still so high.
    StrangeDaysOferwatto_cobra
  • Reply 2 of 5
    rcfarcfa Posts: 1,124member
    I’m surprised they even have two versions, given that an app could simply adapt to whatever language is preferred…

    Guess Chinese users don’t mind so much as they know their government is tracking them anyway, so what’s one entity more, if you have no privacy to begin with…
    watto_cobra
  • Reply 3 of 5
    StrangeDaysStrangeDays Posts: 12,001member
    Oh Chinese surveillance state... Why do you hate freedom so?

    Keep in mind that every company in China is forced to allow the Chinese government access to their systems for any reason. Which is why people think it's a bad idea for Huawei to be a global leader in telecomm systems. If we know government actors are not above installing shadow firmware on consumer routers, why do we think it will be any different with 5G equipment?
    edited June 2021 baconstangwatto_cobra
  • Reply 4 of 5
    chadbagchadbag Posts: 1,647member
    rcfa said:
    I’m surprised they even have two versions, given that an app could simply adapt to whatever language is preferred…

    Guess Chinese users don’t mind so much as they know their government is tracking them anyway, so what’s one entity more, if you have no privacy to begin with…
    They don’t necessarily have two versions of the software, but separate listings per country/language.  Don’t know how technically that would work with Apple systems but the app itself may adapt languages.  
    watto_cobra
  • Reply 5 of 5
    cornchipcornchip Posts: 1,897member
    Real shocker.
Sign In or Register to comment.