App Privacy and Controls

Back to Research

Research into privacy, security, and information controls of popular applications.

Latest Research

WUP! There It Is: Privacy and Security Issues in QQ Browser

This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.

研究发现百度浏览器存在安全与隐私问题

多伦多大学公民实验室的最新报告揭露了百度浏览器存在的多处隐私与安全问题。百度浏览器是基于中国的一款移动浏览器,拥有数百万的用户,而报告反映的隐私与安全问题很可能会至用户的沟通于风险中。

Baidu’s and Don’ts: Privacy and Security Issues in Baidu Browser

This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.

Are the Kids Alright?: Digital Risks to Minors from South Korea’s Smart Sheriff Application

This report describes the results of two independent security audits of Smart Sheriff, one by researchers who collaborated at the 2015 Citizen Lab Summer Institute (held at the Munk School of Global Affairs, University of Toronto), and the other by the auditing firm Cure53. The combined audits identified twenty-six security vulnerabilities in recent versions of Smart Sheriff (versions 1.7.5 and under). These vulnerabilities could be leveraged by a malicious actor to take control of nearly all Smart Sheriff accounts and disrupt service operations.

A Chatty Squirrel: Privacy and Security Issues with UC Browser

UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story.