UC Browser


UC Browser is a Chinese web browser developed by mobile internet company UCWeb, a subsidiary of the Alibaba Group. It is one of the most popular mobile browsers in China and Indonesia, and was the 8th most downloaded mobile app of the 2010–2019 decade.
Originally launched in April 2004 as a J2ME-only application, it is now available on a number of platforms including Android, iOS, BlackBerry OS, Java ME, Symbian, Windows Phone and Microsoft Windows. It has been the subject of several security and privacy controversies, and was banned in India on June 29, 2020, shortly after the 2020 China–India skirmishes.

Functionality

UC Browser is a cross-platform web browser primarily targeted at mobile phones. It is known for its small app size and data compression technology, making it popular in emerging markets where people tend to have mobile phones with more limited device memory and internet bandwidth. In particular, the browser is unique in its use of proxy servers, which run data through UCWeb servers before sending it to the user's device, enabling data compression but also posing privacy risks. Additional features of the browser include cloud acceleration, multi-file format downloading, HTML5 web app and cloud syncing features, and "fast download", a feature that downloads files in multiple parts simultaneously.

Platforms

UC Browser is available as both an Android app and an iOS app, and is also available on several other older or discontinued mobile operating systems including BlackBerry OS, Symbian, and Windows Phone. While primarily a mobile app, UCWeb also offers a Microsoft Windows desktop version.
The Android mobile operating system represents the largest user base for the company, which as of 2014 accounted for 300 million of its 500 million users.

Data compression

UC Browser uses proxy servers to compress web pages before sending them to users. This process requires less memory on the user's device and lowers data costs; however, it also poses privacy and security risks as all of the data accessed by the user through UC Browser first runs through a UCWeb server, rather than going directly to the user's device.

UC+: HTML5, WebApp and add-ons

In July 2013, UCWeb announced the UC+ Open Platform. The platform consists of a WebApp store, an add-on platform and an Application Bookmark Platform. It went live with the launch of UC Browser v9.2 for Android.
Developers can use a provided SDK to create programs that the browser runs in different scenarios. Users can download and install them from the browser's add-on panel. Examples include sharing to social media, webpage translation, augmented reality, and voice control. The Application Bookmark Platform allows partner websites to put up a QR code on UC Browser for users to scan, which adds the webpage to their bookmarks. This platform was among the first in China.

Download management

The browser supports simultaneous downloads and includes a download manager, including pages for offline reading. It supports pausing and resuming downloads. The current version of the download manager has features designed to solve common problems while downloading, such as an intermittent internet connection and mislabeled files. The download process can continue after the app is closed, and can also automatically resume if the download is interrupted. The download manager sorts downloaded files by type and places them in respective folders.

Cloud system

UCWeb claims that the cloud system used by the browser tends to fetch data from the closest servers available, making the loading process quicker and smoother for users.

Privacy and security

Privacy

Leaked NSA reports

In May 2015, National Security Agency documents leaked by whistleblower Edward Snowden indicated that UC Browser leaks sensitive data like international mobile subscriber identities, international mobile station equipment identities, MSISDN's, Android ID's, MAC addresses, and geolocation and Wi-Fi-related data without any encryption. These leaks were used by intelligence agencies to track users. The documents also revealed that the Australian Signals Directorate had identified UC Browser as a security weak point. Its widespread use in China, India and Indonesia made it particularly attractive to ASD. The documents revealed that in cooperation with its Five Eyes partners, ASD hacked the UC Browser and infected smartphones with spyware. The ASD declined to comment in relation to the revelations.

Citizen Lab report

In May 2015, Citizen Lab, a laboratory based at the University of Toronto, published a report finding numerous privacy and security issues with both the English language and Chinese language editions of the Android version of UC Browser. The report criticized the transmission of personally identifiable information to various commercial analytics tools and the transmission of user search queries without encryption. They also managed to bypass the encryption of UC Browser, leading them to accuse UCWeb of using non-effective encryption systems to transmit personally identifiable subscriber data, mobile device identifiers, and user geolocation data.
In May 2016, Alibaba Group provided Citizen Lab with updated versions of UC Browser in order to verify their security fixes to these issues. The subsequent update published by Citizen Lab indicated that not all of the previously identified data leaks and privacy breaches had been fixed in UC Browser.

India investigation

After the release of the Citizen Lab report, the Centre for Development of Advanced Computing, Hyderabad, a scientific research unit within India's Ministry of Electronics and Information Technology, began a technical investigation into the "several major privacy and security vulnerabilities that would seriously expose users of UC Browser to surveillance and other privacy violations" alleged in the report. C-DAC found that the browser had been sending user data to Chinese servers and that it retains control over a user's device DNS even after the browser is deleted.

Security

Research has found that UC Browser is insecure, with many vulnerabilities and privacy issues.
In March 2019, analysts at the anti-malware firm Doctor Web publicly disclosed that UC Browser and UC Browser Mini for Android was downloading and installing extra modules from the company's own servers via an unprotected HTTP channel. This exposed browser users to arbitrary remote code execution if an attacker was able to perform a man-in-the-middle attack to deliver malicious module. Furthermore, this violates Google Play policies that forbid Google Play apps from downloading any executable code from any sources outside of Google Play. Researchers contacted both UCWeb Inc. and Google prior to the disclosure, but as of March 26, 2019, neither app was patched and users are still vulnerable to the attack.
According to tests on Qualys, a cloud security firm, and High-Tech Bridge, an internet security firm, UC Browser contains Logjam, FREAK, and POODLE vulnerabilities. UC Browser also uses an outdated RC4 cipher cryptography with deprecated SSL 3 or even SSL 2 protocols, which have many security flaws.

Market adoption

As of March 2014, UC Browser has over 500 million users, largely in China, India, and Indonesia, and as of 2016 it has more than 100 million monthly active users. According to the app analytics firm App Annie, UC Browser was the 8th most downloaded mobile app of the 2010–2019 decade.
UC Browser has gained significant popularity in China, India, and Indonesia. In October 2012, UC Browser topped Opera in Google Play's free Android app download category in India for the first time. According to third-party web analytics firm StatCounter, UC Browser surpassed Opera as India's top mobile browser with 32.82 percent of the market share to Opera's 26.91 percent. Google Zeitgeist 2013 showed that the "Most Searched Mobile Apps" in India were dominated by messaging and browsing apps, with WhatsApp and UC Browser topping the rankings for the most searches on mobile in 2013.
The number of users of UC Browser may be significantly affected by the May 2020 recommendation by India's National Security Council following the 2020 China–India skirmishes that UC Browser and other Chinese-owned apps be blocked due to cyber-security concerns.

History

UC Browser was initially launched in April 2004 as a J2ME-only application.
The logo of UC Browser was redesigned in December 2012, from a cartoon squirrel to a more abstract and stylized icon that's more in line with American designs.
In May 2013, UCWeb customized its browser for Vodafone's Indian customers. It also announced a partnership with Trend Micro, under which both companies worked to provide mobile web safety assessments in the browser.
In August 2013, UC Browser provided distribution channels of companies like AppURL Initiative and partned with distributor Gameloft to sell its products.

Ban in India

On June 29 Monday, 2020, the Government of India banned UC Browser, along with 58 other Chinese apps such as TikTok and WeChat, citing data and privacy issues and claiming that it is a "threat to the sovereignty and integrity" of the country. Many commentators have suggested that the move was a retaliation to the 2020 China–India skirmishes between India and China.