App Privacy and Controls
Research into privacy, security, and information controls of popular applications.
This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.
This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.