![]() User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version.User data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version.Transmission of personally identifiable information and user search queries without encryption: Specifically, the issues we found include: We found that both versions of the application leak a significant amount of personal and personally-identifiable data as a result, any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries) through trivial decrypting of traffic or by observing unencrypted traffic. Our notification to the parent companies is described below in detail. We have identified a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser. While media outlets are publishing a story about the CSE document, we cannot determine if the problems we identify in UC Browser and that are described in this report are identical to those referenced in the 2012 CSE document. Given the Citizen Lab’s ongoing research into popular Asian communications tools, and the possibility of vulnerabilities affecting a large number of users, we decided to conduct an independent investigation of UC Browser. The document, apparently prepared in 2012 by Canada’s signals intelligence agency, the Communications Security Establishment (CSE), noted the existence of security vulnerabilities in UC Browser. The CBC contacted us requesting our comment. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. Read the Summary in Chinese: 啰嗦的松鼠:UC浏览器的隐私与安全问题.Ī follow-up to this report with further analysis of UC Browser is available here: A Tough Nut to Crack: A Further Look at Privacy and Security Issues in UC Browser.Read the Summary: Privacy and security issues with UC Browser.Read our primer on mobile privacy and security.Read Ron Deibert’s op-ed in the Globe and Mail.Ng, Masashi Crete-Nishihata, John Scott-Railton, and Ron Deibert May 21, 2015 ![]() ![]() Jakub Dalek, Katie Kleemola, Adam Senft, Christopher Parsons, Andrew Hilts, Sarah McKune, Jason Q.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |