Skip to main content

A man uses a mobile phone in front of a logo of Tencent at the Global Mobile Internet Conference (GMIC) 2015 in Beijing, China, in this April 28, 2015 file photo.

Kim Kyung Hoon/Reuters

A popular web browser in China may be putting the personal information of hundreds of millions of users at risk, a new report has found.

Tencent's QQ browser has 853 million monthly active users, according to the company's most recent public figures. The majority of its users live in China and other countries in Asia.

The browser's Android and Windows versions send personal data to the company's servers either without encryption or with encryption that can be easily decrypted, according to a report from the Citizen Lab, based at the University of Toronto's Munk School of Global Affairs. This personal data include the URL addresses of visited sites.

Story continues below advertisement

A public WiFi network or another third party could acquire users' personal data by collecting traffic and decrypting the information.

The report also exposed privacy vulnerabilities in how the two browser versions update software. Someone could spoof such an update and install malicious code, like a spyware program, on a QQ browser user's device, the authors found.

QQ browser users generally would not be aware of these risks, the authors wrote, and would likely be concerned about the privacy breach if they knew.

In China, the security breach could pose problems for democracy activists, human rights advocates and other so-called high-risk Internet users, according to the report.

The report studied the Android version 9.2.5478 and the Windows version 6.3.01920.

Citizen Lab's director Ronald Deibert sent a letter to Tencent in mid-March asking if the company plans to correct the uncovered privacy vulnerabilities. Tencent did not provide answers prior to the report's publication. However, Tencent did release updates to its Android and Windows versions before the report was published. Both new versions resolve some of the privacy issues.

Citizen Lab has previously found similar privacy concerns with UC browser and Baidu browser. Former National Security Agency contractor Edward Snowden also leaked documents that indicated the Five Eyes intelligence alliance, which includes Canada, used the UC browser's privacy shortcomings to identify and track users, according to the report.

Story continues below advertisement

The similarities between the three browsers' privacy concerns could be a coincidence, the adherence to industry standards, the result of government directives or informal pressure from officials or businesses, or a mix of the latter two factors, the authors suggest. All these causes require more research, they say.

Report an error
Tickers mentioned in this story
Unchecking box will stop auto data updates
Comments

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

If your comment doesn't appear immediately it has been sent to a member of our moderation team for review

Read our community guidelines here

Discussion loading ...

Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.