Popular Alibaba-owned app UC Browser caught monitoring user browsing data
UC Browser, a popular web browser developed by Alibaba subsidiary UCWeb, was found to be tracking user habits on both iOS and Android, and sending the data back to company servers.
The behavior was discovered by security researcher Gabi Cirlig, who determined the app logs every website a user visits, as well as IP address information, and sends that data to servers owned by UCWeb, reports Forbes. Information continues to be collected while in incognito mode.
UC Browser also assigns identification numbers to users, a tactic that could be used to track online behavior.
"This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post.
Compared to other major browsers, Cirlig described UC Browser's activity as "getting the URLs, putting them in a briefcase and running away with them," the report said. Google's Chrome, for example, does not collect browsing history, cookies and site data, or information entered in forms, according to the search giant.
While exact usage figures are unknown, UC Browser boasts more than 500 million downloads on Android and is considered by one analysis to be the fourth most-used browser in the world thanks to a large following in Asia. As reported by The Wall Street Journal, it was one of the most popular browsers in India prior to that country's ban on certain Chinese apps.
Word of the intrusive app arrives after a report in April claimed Alibaba has become increasingly concerned over Apple's App Tracking Transparency rules, which restrict access to users' Identifier for Advertisers (IDFA) tags. Advertising accounts for a sizable portion of Alibaba's bottom line, with $30 billion in annual revenue -- about 40% of total revenue -- generated from ad serving activities.
UCWeb held off on submitting an updated UC Browser to the App Store until last week, when Apple developer guidelines forced the company to reveal that its app tracked users via unique identifiers and search histories. The browsing monitoring program discovered by Cirlig was not disclosed in UC Browser's App Store notes, the report said.
Interestingly, the English-language version of UC Browser was recently pulled from the App Store, though a Chinese-language version remains.
Follow all the details of WWDC 2021 with the comprehensive AppleInsider coverage of the whole week-long event from June 7 through June 11, including details of all the new launches and updates.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
The behavior was discovered by security researcher Gabi Cirlig, who determined the app logs every website a user visits, as well as IP address information, and sends that data to servers owned by UCWeb, reports Forbes. Information continues to be collected while in incognito mode.
UC Browser also assigns identification numbers to users, a tactic that could be used to track online behavior.
"This could easily fingerprint users and tie them back to their real personas," Cirlig wrote in a blog post.
Compared to other major browsers, Cirlig described UC Browser's activity as "getting the URLs, putting them in a briefcase and running away with them," the report said. Google's Chrome, for example, does not collect browsing history, cookies and site data, or information entered in forms, according to the search giant.
While exact usage figures are unknown, UC Browser boasts more than 500 million downloads on Android and is considered by one analysis to be the fourth most-used browser in the world thanks to a large following in Asia. As reported by The Wall Street Journal, it was one of the most popular browsers in India prior to that country's ban on certain Chinese apps.
Word of the intrusive app arrives after a report in April claimed Alibaba has become increasingly concerned over Apple's App Tracking Transparency rules, which restrict access to users' Identifier for Advertisers (IDFA) tags. Advertising accounts for a sizable portion of Alibaba's bottom line, with $30 billion in annual revenue -- about 40% of total revenue -- generated from ad serving activities.
UCWeb held off on submitting an updated UC Browser to the App Store until last week, when Apple developer guidelines forced the company to reveal that its app tracked users via unique identifiers and search histories. The browsing monitoring program discovered by Cirlig was not disclosed in UC Browser's App Store notes, the report said.
Interestingly, the English-language version of UC Browser was recently pulled from the App Store, though a Chinese-language version remains.
Follow all the details of WWDC 2021 with the comprehensive AppleInsider coverage of the whole week-long event from June 7 through June 11, including details of all the new launches and updates.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
Keep in mind that every company in China is forced to allow the Chinese government access to their systems for any reason. Which is why people think it's a bad idea for Huawei to be a global leader in telecomm systems. If we know government actors are not above installing shadow firmware on consumer routers, why do we think it will be any different with 5G equipment?