Alibaba Group Holding Ltd [NYSE: BABA] owned UC mobile browser has a potential security flaw.
The browser is sending users confidential data including the mobile numbers, IMEI, user search data & geo-location data unencrypted or without enough encryption.
Citizen Lab, a Canadian technology research group, published a report highlighting the potential security flaws in UC browser.
Both the Chinese and the English version of the browser were found to have the security flaw. The problems were more evident in the Chinese version of the browser in comparison to English version of the browser.
UC mobile browser is one of the famous 3rd party browsers for mobile devices. UC browser has apps for iOS, Android, and Windows phones.
It is one of the most popular mobile browsers in India and China. UC browser has a large install base of over 500 million installations. UC browser has 100 million active users per month.
The report lists that the browser is transmitting user information without properly encrypting it. Unencrypt information flowing over a carrier’s network is an open invitation for hackers and other illicit users to tap in.
This flow of information represents a privacy risk as sensitive information such as geo-location data, and IMEI were also being transmitted without proper encryption.
Alibaba spokesman has commented that the problems are fixed, and they have released updates to the browser for the potential threat.
They also stated that they are taking the security seriously, and they have found no evidence that any data was stolen.
Citizen Lab started investigating UC browser when it was confirmed in the documents leaked by Edward Snowden that Canadian security agencies were aware of the flaw in browser. Governments in India and China keep a close watch on telecom service providers in their countries and may ask them to hand over user data without their consent. A potential security breach at browser level may lead security agencies using the users data.
UC mobile browser’s parent company UCWeb Inc. was acquired by Chinese search giant Alibaba group in a deal last year for over $1 billion. This deal was one of the biggest mergers in the Chinese internet history.