The three biggest browsers in China are severely lacking in encryption, according to a new report obtained by the Wall Street Journal. A report from the University of Toronto’s Citizen Lab has revealed that Tencent’s QQ browser, Alibaba’s UC browser, and Baidu’s browser were all transmitting user data to their respective servers with weak encryption or no encryption at all.
All three browsers collect data on users’ search queries, the precise location of the user, and the unique device numbers specific to the users’ smartphones and PCs, said Citizen Lab in its report. The UC browser, the QQ browser, and the Baidu browser are the three most popular mobile browsers in China, with a market share of 70%, 48%, and 29%, respectively, the Journal reports. The lack of encryption makes the data of the hundreds of millions of users who use the browsers on a daily basis vulnerable to unauthorized access from governments and hacker groups.
"Most troubling is the fact that users would generally be unaware of these risks, unaware that such data is being collected and transmitted, and potentially unaware that a properly crafted malicious software update attack could lead to malicious code being installed on their devices," Citizen Lab said in its report.
For its part, Tencent emailed a statement to the Journal to say that the issues raised in Citizen Lab’s report have now been fixed. "We value the privacy of our users and exercise caution when dealing with any data collected," the company said.
Still, Citizen Lab’s report will be sure to unnerve users of the Internet in China, where the government is already known to collect massive amounts of information about the country’s web users.