KEY POINTS

  • UC collects an IP address that tracks a user’s location
  • The activity is consistent on both iOS and Android devices
  • Servers are hosted in the U.S. but Alibaba monitors all its activities

A shocking research finding has revealed that the UC browser users’ website activities are being monitored and sent to Alibaba-owned servers. Surprisingly, the browser collects even data logs gathered on users’ incognito mode activities, Forbes reported.

UC Web is a browser owned by Chinese multinational technology company Alibaba. It is currently holding the number four spot among the browsers with the most number of users across the globe. It was also the most popular browser in India once. However, due to the security issues linked with China, the Indian government issued a permanent ban on the browser.

In a Medium blog post, Gabi Cirlig, a security researcher, revealed that UCWeb’s privacy pledge of safe and unmonitored incognito mode browsing is misleading. He discovered that the China-based browser collects and sends a user's visited website data to a server owned by the company.

He added that unsafe incognito browsing is happening both on Android and iOS devices. Two other independent researchers verified Cirlig’s statement.

By doing reverse engineering on some data he spotted transmitted back to China, Cirlig was able to expose the problem. He discovered that every website he visited was encrypted and sent back to Alibaba. Cirlig added that on iOS devices, he did not have to use reverse engineering and that the data encryption happens during transit.

In a short video, Cirlig showed a preview of what took place as he browsed various websites through UC Web.

Aside from monitoring, collecting and sending the users’ activity log to Alibaba, the researcher said that UC Web also collects and sends the users’ IP addresses to two servers controlled and owned by Alibaba. IP addresses make it easier to track a user’s specific location.

The two servers where IP addresses were sent carried the domain extension .cn and are found to be registered in China. The study revealed that the servers are hosted in the U.S. but the Chinese company Alibaba monitors all their activities.

It is still unknown what Alibaba and its subsidiaries will do with the data. Alibaba, Apple and Google have not responded to the request to comment on the matter yet, Forbes reported.

Alibaba said it would have posted a hefty profit if not for the fine
Alibaba said it would have posted a hefty profit if not for the fine AFP / GREG BAKER
RELATED STORIES