App Privacy and Controls

Research into privacy, security, and information controls of popular applications.

Latest Research

Cashless Society, Cached Data: Security Considerations for a Chinese Social Credit System

The second post in this series examines a Chinese mobile payment app feature increasingly covered in foreign media: testing of what may one day be a nationwide official social credit system to replace its traditional analog counterpart. Our exploration of potential security, privacy, and other issues of such a system is meant to raise questions that can inform discussions about how it will evolve.

Cashless Society, Cached Data: Are Mobile Payment Systems Protecting Chinese Citizens’ Data?

This research series presents an in-depth examination of mobile payment systems, a rapidly evolving form of financial technology. We will provide an overview of how they are used in China, where they are taking off faster than anywhere else in the world, and what implications their security and data protection practices may have for millions of users, by presenting a case study on Alipay.

Every Step You Fake: Final Report released

Citizen Lab research partner Open Effect today announced the release of the full report detailing our year-long research collaboration into the privacy and security of wearable fitness tracking devices.

WUP! There It Is: Privacy and Security Issues in QQ Browser

This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.

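Research Finds Security and Privacy Issues in Baidu Browser

A new report from the University of Toronto's Citizen Lab reveals multiple privacy and security issues in Baidu Browser. Baidu Browser is a China-based mobile browser with millions of users, and the privacy and security issues described in the report could well put users' communications at risk.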

Baidu’s and Don’ts: Privacy and Security Issues in Baidu Browser

This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.