This top mobile browser is secretly tracking millions of iOS and Android users

Phone security
(Image credit: Shutterstock)

Cybersecurity researchers have found that a popular mobile web browseris sending records of websites visited by users, even in Incognito mode, to its servers.

UC Browser is developed by UCWeb, which is a subsidiary of Chinese tech giant Alibaba, and is reportedly popular throughout many parts of the world, with over 500 million downloads on the Android Play Store alone.

However, owing to the Indian government’s security concerns over Chinese apps, UC Browser remains banned in the country, where it had been one of the most popular mobile browsers.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> <a href="https://project.tolunastart.com/s/r9AXk4" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window<<

The issues with UC Browser were initially flagged by security researcher Gabi Cirlig, and have since been verified by two other independent researchers on behalf of Forbes.

In a blog post, Cirlig explains that he was able to observe UC Browser’s irregular behavior by reverse engineering some encrypted data he noticed the browser was piping back to its servers. Thanks to his efforts he was then able to observe that every time he visited a website, the browser would encrypt and transmit the details about the visit. 

Individual tracking

Cirlig has a knack for unearthing unscrupulous activities of Chinese browsers. Last year he found Xiaomi’s browser exhibiting a similar behavior and routing details about visited websites, even when in incognito mode, back to its headquarters. 

In UC Browser’s case, Cirlig noticed that along with the website the browser would also roll in the user’s IP addresses in the transmission to its headquarters.

Even more worryingly, he shared that the browser would assign an ID number to each user, which could be used to track their movements across different websites. 

Although it isn’t clear exactly what Alibaba and its subsidiary are doing with the data, Cirlig told Forbes that “this kind of tracking is done on purpose without any regard for user privacy.”

Interestingly, as of Tuesday morning, the English-language version of UC Browser is no longer listed on the Apple App Store, though it can still be downloaded from Google’s Play Store.

Via Forbes

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.