Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chinese QQ Browser Caught Sending User Data To Its Servers

Posted by msmash on from the something-smells-fishy dept.

An anonymous reader writes: A report from the Citizen Lab at the University of Toronto reveals that the popular QQ Browser is collecting sensitive user information and sending it in an insecure manner to its servers. The Android version is collecting data such as the user's search terms, browsing history, nearby Wi-Fi networks, and the user's device IMSI and IMEI codes. For the Windows version of QQ Browser, the app was caught collecting data such as the user's browsing history, hard drive serial number, MAC address, Windows hostname, and Windows user security identifier. All of this is sent unencrypted, or with a weak encryption, to Tencent's servers, QQ Browser's manufacturer. Additionally, the update process is flawed and delivered in an insecure manner that allows others to manipulate upgrade patches with malicious software. This is the third browser caught exhibiting this behavior after UC Browser and Baidu Browser.

5 of 68 comments (clear)

  1. Chinese browser leaks data? by Frosty+Piss · · Score: 5, Insightful

    I'm shocked! Shocked, I tell you!

    --
    If you want news from today, you have to come back tomorrow.
  2. Please forgive me by Anonymous Coward · · Score: 5, Funny

    "In Communist China, internet browses YOU!"

  3. You know what would really be shocking? by JustAnotherOldGuy · · Score: 5, Insightful

    What would really be shocking is if it didn't send data back to some Chinese mothership somewhere.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  4. Software freedom, not nationalism, is needed. by jbn-o · · Score: 4, Insightful

    The real problem is nonfree software—software which denies its users the freedoms of free software—which is also appropriately called user subjugating, proprietary software—not nationalism. There are plenty of software distributors in other countries that mistreat their users by distributing proprietary software. All proprietary software is inherently untrustworthy because proprietary software doesn't grant its users software freedom. Some distributors distribute proprietary software precisely because they know they stand a good chance of getting away with malware (including digital restrictions, spyware, ransomware, and backdoors).

    --
    Digital Citizen
  5. Re:this is different from Goog or MS... how, again by ShanghaiBill · · Score: 4, Interesting

    I've never even heard of the QQ browser

    QQ is huge, used by hundreds of millions of people. It is far more than just a browser. It is an entire social network, with forums, games, and even a virtual currency, QQCoin. When my daughter wanted a dog, I bought her a virtual dog on QQ instead, and told her that I would get her a real dog if she could take care of the virtual dog for a year, and give it virtual food and virtual water everyday (costing more QQCoin). Unfortunately, when we went on vacation, she forgot to suspend it, and it starved to death while we were gone. I also used QQCoin to buy a virtual mink coat for my wife's avatar. So she has a mink coat that all her chat-friends can see, yet no actual minks are harmed. Win-win.