One of the biggest online companies in the world is the Chinese firm Alibaba. It has a browser application called UC Browser available on the Android Play Store or the Apple App Store. When UC Browser was first revealed, it was promised that the browser would offer an incognito mode that didn’t record web browsing or search history. The browser also promised fast downloads, and its feature set made it very popular worldwide, racking up 500 million downloads on the Android platform alone.
While the browser isn’t commonly used in the US, it is currently the fourth largest browser by download numbers globally, primarily thanks to the Asian market. Security researcher Gabi Cirlig has published a report that found the privacy claims made by the browser are misleading. Independent researchers also verified his findings.
Cirlig found that both Android and iOS versions of UC Browser track every website a user visits regardless of whether they are in incognito mode or not. Data on their browsing habits is sent to servers owned by UCWeb. Data sent to the servers include an IP address, which could be used to get the user’s rough location narrowed down to a specific town or even a specific neighborhood.
The investigation found that while the servers were registered in China and carried a .cn Chinese domain name extension, they were hosted in the US. The servers also assigned an ID number to each user so activity across different websites can be monitored. Precisely what is being done with the data being collected is a mystery.
However, Cirlig claims that the data could easily fingerprint users and link them back to their actual real-world personas. The tracking activities were discovered by reverse engineering some of the encrypted data Cirlig spotted being sent to China. The researcher says tracking of this sort is done purposefully without any regard for user privacy.