UC Browser insecurely transmits sensitive personal data

Most apps’ privacy policies claim that they take steps to protect their users’ personal information like your location, browsing history, and information about your devices that can identify you. Protections are particularly needed during transmission of your data from the app to the Internet. When data leaves your phone it passes through many points along the Internet before finally reaching its intended destination. At any of those points, if your data is sent insecurely, our data can be collected by would-be criminals and spies.

UC Browser used weak cryptography, and sometimes no encryption at all, when it transmitted keystrokes as a user entered in website addresses or search terms or when a user’s location was beamed out over the Internet. Many of those transmissions included sensitive device identifiers that make it easy to collect and analyze the traffic particular to a single individual and build up a massive profile of interests and activities over time -- gold for criminals and spies.