H L Data Storage Store Banner 970x90
Breaking News

Acer Releases tons of new desktop, laptops, chromebooks HP debuted its newest HP Spectre and HP Envy laptops RICOH announces WG-80 waterproof camera GeIL Launches the World’s First Active Cooling DDR5 Memory Equipped with Innovative RGB Dual Fans HUAWEI showcases next generation of cutting-edge products for Smart and Healthy Living

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Researchers Disover Security Issues with Alibaba's UC Browser

Researchers Disover Security Issues with Alibaba's UC Browser

Enterprise & IT May 21,2015 0

UC Browser, a popular mobile web browser in China and India owned by the Alibaba Group, has multiple security and privacy deficits, a Canadian technology research group said on Thursday. Researchers at Citizen Lab revealed that UC Browser poorly secures data in its English and Chinese language versions for Android. Sensitive user data, such as device identifiers, nearby Wi-Fi access points, and cellular tower information, as well as search queries to the search engine Shenma, asre insufficiently secured by the Chinese version of the application before transmitting to its destination, according to a report published by Citizen Lab. The Chinese version also permanently retains users’ DNS query history which was discovered after researchers tried to delete personal information using the application’s built-in personal information deletion functions.

The ressearchers also discovered that the English version of the application sends search queries to Yahoo! India or Google without encryption; however, it does not exhibit the other information leakages present in the Chinese version of the application.

"Our analysis shows that the information leakages in the Chinese version of the application could be used to track the location of persons either in real-time or retroactively," the researchers said. "Moreover, the application’s failure to delete DNS queries means that third parties that access the application’s cache could determine what websites a user had previously visited. Both the Chinese and English versions of the applications showcase poor security practices by failing to encrypt queries made to either Chinese- or English-based search engines."

The transmission of unencrypted search engine queries enables third parties to monitor searches as well as potentially return modified search results without the user realizing that their data has been monitored or modified. Sensitive personal information can be inferred from search results including health conditions, such as pregnancy, disease, mental and psychological conditions, marital relations, and medical information. The data can also be used by third parties to develop, use, and sell user profiles and by corporate or government agents to modify or prevent access to certain search results.

Generally, the researchers found that users of the English version of the applications experience fewer privacy or security problems compared to users of the Chinese version.

Citizen Lab disclosed their findings to Alibaba on April 15, 2015. The company responded, indicating that Alibaba security engineers were investigating the issue.

The researchers later tested a newer version (10.4.1-576) of the Chinese language version of UC Browser. This version did not appear to send location data insecurely to AMAP. However, issues relating to insecure data transmission to the Umeng component, as well the lack of encryption on search terms, did not appear to have changed in that latest version.

Tags: Alibaba
Previous Post
Should We Expect Android OS For IoT Next Week?
Next Post
HP Partners With Chinese Tsinghua

Related Posts

  • Ubisoft Sues Apple, Google Over Distribution of Alibaba’s Area F2 Game

  • Alibaba Announces $28 billion Cloud Investment

  • Alibaba is Offering Europe Coronavirus Diagnostic Tool

  • Alipay Announces Three-Year Plan to Support the Digital Transformation of 40 Million Service Providers in China

  • Alibaba Reports High Earnings but Coronavirus Questions Remain

  • Alibaba Raises Up to $12.9 billion in Hong Kong Listing

  • Alibaba Group Generated $38.4 Billion of GMV During the Global Shopping Festival

  • Alibaba Group Generated $12 Billion of GMV in the First Hour of the Global Shopping Festival

H L Data Storage Store Banner 300x600

 

Latest News

Acer Releases tons of new desktop, laptops, chromebooks
Gaming

Acer Releases tons of new desktop, laptops, chromebooks

HP debuted its newest HP Spectre and HP Envy laptops
Enterprise & IT

HP debuted its newest HP Spectre and HP Envy laptops

RICOH announces WG-80 waterproof camera
Cameras

RICOH announces WG-80 waterproof camera

GeIL Launches the World’s First Active Cooling DDR5 Memory Equipped with Innovative RGB Dual Fans
PC components

GeIL Launches the World’s First Active Cooling DDR5 Memory Equipped with Innovative RGB Dual Fans

HUAWEI showcases next generation of cutting-edge products for Smart and Healthy Living
Consumer Electronics

HUAWEI showcases next generation of cutting-edge products for Smart and Healthy Living

Popular Reviews

CeBIT 2005

CeBIT 2005

CeBIT 2006

CeBIT 2006

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Pioneer BDR-2207 (BDR-207M) BDXL burner review

Pioneer BDR-2207 (BDR-207M) BDXL burner review

External USB Slim Recorders Comparison

External USB Slim Recorders Comparison

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed