Chinese QQ Browser Caught Sending User Data To Its Servers

An anonymous reader writes: A report from the Citizen Lab at the University of Toronto reveals that the popular QQ Browser is collecting sensitive user information and sending it in an insecure manner to its servers. The Android version is collecting data such as the user's search terms, browsing history, nearby Wi-Fi networks, and the user's device IMSI and IMEI codes. For the Windows version of QQ Browser, the app was caught collecting data such as the user's browsing history, hard drive serial number, MAC address, Windows hostname, and Windows user security identifier. All of this is sent unencrypted, or with a weak encryption, to Tencent's servers, QQ Browser's manufacturer. Additionally, the update process is flawed and delivered in an insecure manner that allows others to manipulate upgrade patches with malicious software. This is the third browser caught exhibiting this behavior after UC Browser and Baidu Browser.

Re:this is different from Goog or MS... how, again

[ShanghaiBill]

I've never even heard of the QQ browser

QQ is huge, used by hundreds of millions of people. It is far more than just a browser. It is an entire social network, with forums, games, and even a virtual currency, QQCoin. When my daughter wanted a dog, I bought her a virtual dog on QQ instead, and told her that I would get her a real dog if she could take care of the virtual dog for a year, and give it virtual food and virtual water everyday (costing more QQCoin). Unfortunately, when we went on vacation, she forgot to suspend it, and it starved to death while we were gone. I also used QQCoin to buy a virtual mink coat for my wife's avatar. So she has a mink coat that all her chat-friends can see, yet no actual minks are harmed. Win-win.