In May, Citizen Lab released “A Chatty Squirrel: Privacy and Security Issues with UC Browser” a report describing key security vulnerabilities with the UC Browser, the most popular web browser in China and India. The report pointed out that the Chinese-langauge version of the app exposed users to more vulnerabilities than its English counterpart, though both demonstrated poor encryption techniques.
In an interview with the China Economic Review, Citizen Lab Senior Research Fellow Jason Q. Ng, who also contributed to the UC Browser report, said that the problems with the browser did not leave signs of malicious intent. Rather it “more likely represented the typical developer desire to build products and features first—worry about other issues later.”
After informing the software’s developer Alibaba in April, Citizen Lab was told that security engineers were looking into the issues raised. When the browser was tested a day before publication however, it was noted that search queries and personal data were still being sent unencrypted to Alibaba’s analytics service.
Jason Q. Ng also said that Chinese and U.S firms often employ different privacy standards in their work. While Chinese firms may make improvements, he said that “they’re a little looser on that front.” “I think most consumers are aware that security flaws are a hazard in apps,” Ng added, “but that awareness would obviously be heightened if it was their financial data at risk as opposed to something like search data.”