Your AdSense code chinese app list-chinese apps in india complete banned

chinese app list-chinese apps in india complete banned

download now 


Here's the complete list of the apps banned: 

1. TikTok free download


2. Shareit free download

3. Kwai free download

4. UC Browser free download

5. Baidu map free download

6. Shein free download

7. Clash of Kings free download

8. DU battery saver free download

9. Helo free download

10. Likee free download

11. YouCam makeup free download

12. Mi Community free download

13. CM Browers free download

14. Virus Cleaner free download

15. APUS Browser free download

16. ROMWE free download

17. Club Factory free download

18. Newsdog free download

19. Beutry Plus free download

20. WeChat free download

21. UC News free download

22. QQ Mail free download

23. Weibo free download

24. Xender free download

25. QQ Music free download

26. QQ Newsfeed free download

27. Bigo Live free download

28. SelfieCity free download

29. Mail Master free download

30. Parallel Space free download

31. Mi Video Call – Xiaomi free download

32. WeSync free download

33. ES File Explorer free download

34. Viva Video – QU Video Inc free download

35. Meitu free download

36. Vigo Video free download

37. New Video Status free download

38. DU Recorder free download

39. Vault- Hide free download

40. Cache Cleaner DU App studio free download 

41. DU Cleaner free download

42. DU Browser free download

43. Hago Play With New Friends free download 

44. Cam Scanner free download

45. Clean Master – Cheetah Mobile free download

46. Wonder Camera free download

47. Photo Wonder free download

48. QQ Player free download

49. We Meet free download

50. Sweet Selfie free download

51. Baidu Translate free download

52. Vmate free download

53. QQ International free download 

54. QQ Security Center free download

55. QQ Launcher free download

56. U Video free download

57. V fly Status Video free download

58. Mobile Legends free download

59. DU Privacy free download


TikTok: everything you need to know about the video production app

TikTok
Despite only launching in 2018, TikTok has enjoyed a dramatic rise to become one of the most popular social media apps on the planet.
Young people, in particular, love its short-form video focus, and it is now one of Generation Z’s favourite tools of expression.
There’s a good chance your child is either using it already or asking to be allowed on it – but what exactly is it, and are there any risks you should be aware of?
Here’s everything parents and carers need to know about TikTok.

What is TikTok?

TikTok was born out of a merger between two already popular apps, Douyin and Musical.ly. It’s based around many of the same features found on those platforms and is primarily a social media app where users can both create and watch short video snippets, often accompanied by music.
Over the two years since its launch, the app has amassed more than 800 million active usersand has consistently stayed at the top of both the Google Play Store and Apple App Store charts.

What sort of content is on TikTok?

You can find videos relating to almost all interests on TikTok, from DIY tricks and make-up tutorials to gaming and sports. People are allowed to let their imagination run wild on TikTok, as there isn’t really a ‘right’ or ‘wrong’ type of content. Your child might use TikTok to pick up new skills, learn how to play an instrument or even connect with people they share an interest with.
The videos are often playful and take maximum advantage of the editing tools to make the 15 seconds of video as memorable as possible. Although most of the content you will find is upbeat, funny and joyful, people also use the platform to respond to current events such as the #BlackLivesMatter campaign and the COVID-19 pandemic. This has led to controversy in the past, with TikTok having been accused of censoring politically-charged content which was especially critical of the Chinese government.
But TikTok has a set of community guidelines all content must adhere to and does not permit, for example, violent, racist, extremist or sexually explicit content on the platform.

How does it work?

Users don’t need an account to watch videos on TikTok but if they want to like, comment, customise their feed or create their own video content, they’ll be prompted to sign up for a free account.
Like most social media platforms, TikTok requires its users to be at least 13 years old, although there’s no robust age-verification in place. When logging in for the first time, the user will be asked to log in using either their email, their Google account, or by linking TikTok to one of their other social media accounts, for instance Facebook or Twitter.
After entering their date of birth and selecting which topics they’re interested in – such as sports, pop culture, music or gaming – the user will be dropped straight into the feed.
In contrast to most of its competitors, TikTok doesn’t require the user to add any information to their profile: they’re issued with a user number, but whether they add a name, profile picture or any other personal information is their choice.
Users are given complete creative control of their content. Putting together a video is very easy and there’s a range of tools available to spruce up the content, such as filters, effects, text and stickers.
Depending on how they’ve adjusted their settings, users can share their content with their follower base and/or the larger TikTok community – and even reshare their content on other platforms such as Instagram or YouTube.
Many high-profile TikTokers – such as the dancer Addison Rae and magician Magic Singh – have achieved stardom by simultaneously building their audiences across platforms.

Are there any risks?

  • Data collection: TikTok has previously come under fire for illegally collecting the data of children under 13, which resulted in a record-breaking fine from the US Federal Trade Commission (FTC) of £4.2m and harsh criticism from the UK’s Information Commissioner's Office (ICO). Fortunately, TikTok doesn’t require users to give much personal information to join the app anymore, but it’s a good idea to minimise the amount of data your child stores on the app and turn off personalised ads in the settings.
     
  • Contact with strangers: Although connecting with new people on social media is not harmful in and of itself, TikTok has previously been in the news for failing to remove sexual messages sent to teenagers. The platform’s guidelines include a section devoted to ‘Minor safety’, which states “We are deeply committed to child safety and have zero tolerance for predatory or grooming behavior toward minors.” To further address concerns, TikTok introduced a feature that prevents under-16s from both sending and receiving private messages – but nothing stops young users from faking their age. Be sure to adjust the app’s settings (more advice below) and let your child know that they can come to you if they’ve had a bad experience which has involved being contacted by a stranger.
     
  • Risky challenges: The social media platform is famous for spawning viral challenges which are a big draw for many users. But TikTok has received a lot of flak for allowing potentially dangerous challenges – such as the Skullbreaker Challenge and the Outlet Challenge – to reach popularity on its platform. Make sure that your child knows not to try risky activities they see on TikTok. You can find further information on viral trends in this Parent Info article.

Does TikTok have any parental controls?

TikTok does offer its users a range of settings to customise their experience and make it safer for young people. And although it’s important to bear in mind that settings and parental controls don’t eliminate risk, they can be a good first step.

How to make an account private

One of the main concerns parents often have about social media is that their child might be contacted by strangers who might not have their best interest at heart. By making an account private, other users must be approved before they can see and interact with your child’s content or contact them. Here’s how to set it up:
  • Go to your child’s ‘Account’ section and tap the three-dot menu in the top-right corner of the screen.
  • Select ‘Privacy and safety’ from the ‘Settings and privacy’ menu.
  • Toggle the ‘Private account’ slider at the top of the page.

How to filter out inappropriate content

TikTok is moderated and content that does not uphold its community guidelines is continuously weeded out. But if you want to further minimise the risk of your child stumbling across mature content, it’s a good idea to enable ‘Restricted Mode’. TikTok doesn’t explicitly say how this works, merely that it “limits the appearance of content that may not be appropriate for all audiences”. To enable it:
  • Go to your child’s ‘Account’ section and tap the three-dot menu in the top-right corner of the screen.
  • Select ‘Digital Wellbeing’ further down on the ‘Settings and privacy’ menu.
  • Go onto the page for ‘Restricted Mode’ and tap ‘Turn on Restricted Mode’.
  • You’ll then be asked to set a password you need to enter to disable it again.

How to manage time spent on the app

Research has found that a moderate amount of screen time per day can be very beneficial for your child, but that doesn’t mean you can’t choose to set limits. TikTok offers a Screen Time Management feature which gives the user a custom daily quota, after which they’ll need to input a password to continue.
  • Go to your child’s ‘Account’ section and tap the three-dot menu in the top-right corner of the screen.
  • Select ‘Digital Wellbeing’ further down on the ‘Settings and privacy’ menu.
  • Go onto the page for ‘Screen Time Management’ and tap ‘Turn on Screen Time Management’.
  • You’ll then be asked to set a password you need to enter to disable it again. If you’ve already enabled ‘Restricted Mode’, it’ll be the same password.

How can I help my child be safer on TikTok?

Using social media can be an enriching activity for young people and a good way to stay in touch with their social circle during these strange times. Although TikTok has significantly stepped up its efforts to keep young people safe, it’s important that your child is aware of the risks they could encounter and know how to respond.
First of all, remind your child to be mindful of what they share and who they share it with. If they choose to have an open profile, they need to understand what that means – everyone can see what they post and TikTok even has a feature that allows other users to save their videos (to disable this option, go to the Privacy and Safety option and turn off ‘Allow your videos to be downloaded’). Try going through the settings together, so you can both share your views on what should be adjusted.
Social media can be hotbeds for misinformation and scams, so encourage your child to think critically about the things they see in their feed. If something seems too good to be true, chances are it probably is.
It might seem obvious, but reassure your child that if they have any questions about the app or have had an uncomfortable experience, they can come to you for support.
And last but not least, make sure that your child knows how to report videos or users if they stumble across inappropriate content and how to block users who are bothering them.

How to report and block a user

  • Go to the user’s profile and hit the three-dot menu in the top-right corner of the screen.
  • Click either ‘Report’ or ‘Block’ from the menu that will appear at the bottom of the screen.
  • In both cases you’ll be asked to give a brief description of the issue and complete a few more steps.

How to report a video

  • Find the video you want to report in the feed or on the user’s profile.
  • Click the arrow-shaped ‘Share’ button on the right-hand side and select the flag-shaped ‘Report’ icon from the menu.
  • Give a brief description of how the video was inappropriate and follow the steps.

Is SHAREit A Chinese App? Learn About The Founder, Origin Country And More

Is SHAREit a Chinese app? Here is everything you need to know about SHAREit origin country, its founder and more. Also, find out how many users it currently has

is shareit a chinese app

Technology is growing at an unimaginable pace. At one point Bluetooth was the only option to share files, music, video and more and now, there are apps that help share files at the speeds that are several times faster than Bluetooth. SHAREit is one such app which currently has more than 1.8 billion users.
This file-sharing app helps users to send videos, images, documents, apps, and more instantly which saves time and makes it more efficient. This app has been intriguing many people because of its simple and easy user interface that allows users to transfer files and documents without using the precious mobile internet, Bluetooth connectivity, USB connections, or additional PC software.
Also Read | Is Xender A Chinese App? What Are The Alternatives Of Xender? Know Details
However, the SHAREit app requires a hotspot and WiFi to connect devices who are in a certain range to each other. At first, it was only launched for Android but now it provides its services for all Android, IOS, Tizen, Windows, PC or Mac devices. The new update to the application allows its users to watch online videos, news and incredible content.
Also Read | Is COD Mobile a Chinese app? 'Call of Duty' mobile origin country revealed
With such alluring features, the SHAREit app has been facing a backlash for being a Chinese application. Many people are asking "is SHAREit a Chinese app?" or "SHAREit is from which country?" If you are also wondering about the SHAREit origin country, here is all you need.
Also Read | Is Zoom Chinese? CEO Eric Yuan calls Zoom American amid allegations of having Chinese link

Is SHAREit a Chinese app?

The most loved file-sharing application called the SHAREit app was first launched as a Lenovo application in China. Lenovo is a China-based tech company. However, later SHAREit entered the Indian market in 2013 and found a sudden boom in the number of users. It is currently a leading file-sharing application in India. However, the answer to "Is SHAREit a Chinese app?" is yes.
SHAREit app founder
The SHAREit app is by a Chinese tech company also known as the SHAREit Technologies Co.Ltd. The co-founder of this Chinese application is Michael Qiu who is also the CEO of the organisation. However, being one of India's favourite apps, SHAREit Technologies Co.Ltd has two bases in India, one in Gurgaon, which is the first Indian base of the company, and one in Bangalore.




Tencent-backed Kwai App ranked Most Popular social short video app


PRESS RELEASE PR Newswire
 May. 28, 2018, 06:00 AM
SINGAPOREMay 28, 2018 /PRNewswire/ -- Kwai, a social video app based in Beijing ranked first as the most downloaded video social sharing app in South KoreaVietnamPhilippinesRussiaThailandIndonesia and Turkey. The app allows users to capture, upload and share short videos easily onto their platforms.
As mobile internet becomes readily available everywhere, the demand for knowledge sharing and instant access to information at one's fingertips increases. Kwai enables users to capture and share their experiences and knowledge instantly with the community via short videos.
In July 2013, Kwai first officially launched its short video social platform in China and quickly gained popularity in both urban cities and rural villages. To date, it has achieved an impressive milestone of 120 million daily active users. This is the cornerstone of Kwai's global expansion.
In late October 2017, Kwai officially expanded to South Korea and exceeded 10 million users in less a month. According to the data from App Annie, Kwai was ranked first in both the top downloaded video editing App category and overall most downloaded mobile App in South Korea.
Kwai then turned its eyes to the Southeast Asian market. Kwai made its move into Vietnam on 10 November 2017and achieved similar success by topping the charts as the most downloaded app in both Google Play and App Store. Local video bloggers and celebrities also started using the app for its wide variety of interesting features and user-friendly functions. Vietnamese users living in China who share about their lives and experiences in China has opened up a kaleidoscope of new perspectives and a new way of knowledge sharing amongst Vietnamese users living in Vietnam.
In addition, Kwai also ranks top as the most downloaded iOS app in the Philippines and Indonesia App Store. It is one of the first short video platforms that encourages users to capture and document moments in their daily lives.
Outside of China, the app is present in over a dozen countries and regions, including RussiaSouth KoreaJapanThailandVietnamPhilippinesMalaysiaIndonesiaBrazil, America, IndiaMiddle East, etc., with more than 70 million users and boast an impressive monthly active users rate of 20 million users (excluding China market).
According to the global data report released by Sensor Tower, Kwai has been ranked fourth just behind American counterparts, Tinder, Netflix and Pandora, on The Ranking List of Leading Non-mobile Game Apps in January 2018.
Kwai is not just the most downloaded video sharing app in China, but also the most downloaded app in more than eight countries on both Google Play and App store.
More than 15 million videos are uploaded every day by Kwai users boasting celebrity users from South Korealike G-Dragon, IU, Bae Suzy, Lim Yoona, Twice and also popular Vietnamese singer Dong Nhi with other Vietnamese stars such as Huy Cung, Toki Uni5, Ribi Sachi and Gino Tong.
To ensure that the content on the platform stays healthy, Kwai uses both automatic and manual review systems to monitor all user-generated content. As an additional measure, Kwai has recently released the "Parental Control" function which blocks unsuitable content to protect children and youths. Kwai is the first company in China to introduce this and will be rolling it out to its other markets outside of China at a later stage.
In March this year, Kwai removed over 430,000 videos that were against regulations, blocked over 25,000 accounts and shut down nearly 3000 broadcasting studios each day.
"Keeping the platform healthy and suitable for children, youths and people of all ages is definitely one of our top priorities. We will continue to invest in AI and big data technology to provide more benefits to our users and improve the user experience, e.g. refining our content search to be more targeted and relevant to our users' interests."
About Kwai
Launched in 2011 and headquartered in Beijing, Kwai has over 700 million global registered users and more than 120 million daily active users. For its markets excluding China, it has an impressive monthly active users rate of 20 million. The short video social platform has over 4 billion user-generated content since its beginning and is invested by giant internet companies such as Tencent and Baidu. Kwai prides itself as a user-oriented technology driven company and is committed to continuously invest in the state-of-the-art AI and big data technology to improve and redefine user experience and the way one lives. For more information, please visit http://www.kuaishou.com.
SOURCE Kwai









A Chatty SquirrelPrivacy and Security Issues with UC Browser

Additional resources:
  • Read Ron Deibert’s op-ed in the Globe and Mail.
  • Read our primer on mobile privacy and security.
  • Read the Summary: Privacy and security issues with UC Browser.
  • Read the Summary in Chinese: 啰嗦的松鼠:UC浏览器的隐私与安全问题.
A follow-up to this report with further analysis of UC Browser is available here: A Tough Nut to Crack: A Further Look at Privacy and Security Issues in UC Browser.

Section 1 – Introduction & Overview

UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story. The CBC contacted us requesting our comment. The document, apparently prepared in 2012 by Canada’s signals intelligence agency, the Communications Security Establishment (CSE), noted the existence of security vulnerabilities in UC Browser. Given the Citizen Lab’s ongoing research into popular Asian communications tools, and the possibility of vulnerabilities affecting a large number of users, we decided to conduct an independent investigation of UC Browser. While media outlets are publishing a story about the CSE document, we cannot determine if the problems we identify in UC Browser and that are described in this report are identical to those referenced in the 2012 CSE document.

Summary of findings

We have identified a series of major security and privacy issues in the English language and Chinese language editions of the Android version of UC Browser. Our notification to the parent companies is described below in detail. We found that both versions of the application leak a significant amount of personal and personally-identifiable data; as a result, any network operator or in-path actor on the network can acquire a user’s personally identifiable information (including cellular subscriber information, mobile device identifiers, geolocation data, and search queries) through trivial decrypting of traffic or by observing unencrypted traffic. Specifically, the issues we found include:
Transmission of personally identifiable information and user search queries without encryption:
  • User data, including IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent without encryption to Umeng, an Alibaba analytics tool, in the Chinese language version.
  • User geolocation data, including longitude/latitude and street name, are transmitted without encryption by AMAP, an Alibaba mapping tool, in the Chinese language version.
  • User search queries are sent without encryption to the search engine Shenma (in the Chinese language version) or Yahoo! India and Google (in the English language version).
  • Reason for concern: The transmission of personally identifiable information, geolocation data and search queries without encryption represents a privacy risk for users because it allows anyone with access to the data traffic to identify users and their devices, and collect their private search data.
Transmission of personally identifiable information and geolocation data with easily circumvented encryption:
  • Location and user data, including IMSI, IMEI, and data about nearby cellular towers and Wi-Fi access points, are sent with easily circumvented encryption by AMAP, an Alibaba mapping tool, in the Chinese language version.
  • Reason for Concern: UC Browser’s transmission of personally identifiable subscriber data, mobile device identifiers, and user geolocation data without effective encryption presents a security and privacy risk for users.
Private user data is retained on the device even after clearing the application’s cache:
  • In the Chinese language version, when users attempt to delete their private data by clearing the application’s cache their DNS lookups are not deleted.
  • Reason for concern: The cached record of DNS lookup data would allow for a third party with access to the device to identify the websites that a user visited.
This report is a continuation of our prior work examining the security and privacy of popular mobile applications in Asia. Our previous research includes investigations of censorship practices of search engines offered by Google, Microsoft, and Yahoo! in the Chinese market along with domestic Chinese search engine Baidu. In addition, we have analyzed keyword censorship and surveillance in TOM-Skype (the Chinese version of Skype at the time) and keyword censorship in Sina UC, another Chinese instant messaging platform. We are currently conducting comparative analysis of mobile chat applications used in Asiaincluding WeChat, LINE, and KakaoTalk.
For those who may be interested in more context on mobile security and privacy, please see our general introduction to mobile communications. Click on the image below to read “The Many Identifiers in our Pockets.”








Smartphone applications do not transmit data in isolation
Figure 1: Overview of mobile device data transmission.

Notification

We disclosed our findings to Alibaba and UCWeb on April 15, 2015, and informed them that we would publish this report on or after April 29, 2015. Alibaba responded to our notification on April 19, 2015, indicating that their security engineers were investigating the issue. We followed up on April 23, 2015 to reiterate our intention to publish this report on or after April 29, 2015. As of May 19, 2015 we have not received further communication from Alibaba or UCWeb.
On May 19, 2015 we tested version 10.4.1-576 of the Chinese language version of UC Browser, which was downloaded from the uc.cn website. This version does not appear to send location data insecurely to AMAP as described in this report. However, the issues we describe in this report relating to insecure data transmission to the Umeng component, as well the lack of encryption on search queries, remain in this version. Users who use the Chinese version of UC Browser should upgrade the application and ensure they are running version 10.4.1-576 or above.

Section 2 – UC Browser: Quick Background

UC Browser is a mobile web browser for Android, IOS, Windows Phone, and other platforms. A Windows version was released in April 2015. The application is the flagship product of UCWeb Inc., a Guangzhou, China-based company founded in 2004. After an initial investment by e-commerce giant Alibaba, the two companies launched the joint mobile search service Shenma. Shenma reportedly has more than 100 million users per month. In June 2014, Alibaba purchased the remaining stake in UCWeb in the biggest ever merger of Chinese Internet firms.
UC Browser is among the most popular mobile apps in the Chinese Internet space. UC Browser claims to have more than 500 million registered users, and is reported to be the most popular mobile browser in China and India. Overall, the application is the fourth most popular mobile browser globally and is behind only pre-installed Chrome, Android, and Safari browsers.
UCWeb Inc. claims the app has 100 million daily active users, while parent company Alibaba’s 2014 prospectus reported the number of active users at 264 million in June 2014. UC Browser was ranked as the second most popular app by usage in China in January 2013. The company has also increased its global push, and claims it has at least 10 percent market share in 10 different countries.
UC Browser offers a custom default homepage with links to search engines and social media integration, as well as news, weather, and shopping services. A set of features are aimed at reducing bandwidth usage on mobile clients. “Cloud download,” for example, allows users to send downloads directly to UDisk (a UC cloud offering) in order to save on bandwidth costs. In addition to this feature, UC Browser can act as an optional proxy and compress web sites it fetches to reduce bandwidth consumption.

Section 3 – Methodology and Technical Analysis

This section describes the methods we used to analyze UC Browser, and presents detailed findings from our analysis.
We isolated specific versions of the Chinese- and English-language builds of UC Browser for Android and analyzed their mobile (cellular network) data and Wi-Fi traffic. We also analyzed the application’s data retention and deletion practices. Our analyses revealed major privacy and security issues with all of the tested versions of UC Browser. Figure 2 highlights the major findings for the Chinese language version of UC Browser.
Data leakage in UC Browser (Chinese language version)
Figure 2: A visual summary of privacy and security issues presented by UC Browser.

Test Setup

We isolated specific versions of the Chinese- and English-language builds in order to examine UC Browser’s security and privacy features. Specifically, we monitored the data that was transmitted between the application and external servers. We were specifically interested in what, if any, personally identifiable information was transmitted by UC Browser, and whether encryption was used to secure those transmissions. We analyzed the state of the application, both in-idle state (soon after the app was opened) as well as during use of the app’s features, such as searching. Lastly, we examined the data UC Browser stored on the device, and whether that data was protected with encryption.
Tests were conducted within an Android emulator and on an Android handset. All traffic sent to and from the device was collected and analyzed using the packet-capture utility WireShark. We decompiled the downloaded APKS with APKtool and then analyzed the code for functionality related to the transmission of user data.

Versions Analyzed

We analyzed two versions of UC Browser for Android. We downloaded the two versions from different app stores: the Chinese-language version of UC Browser (UC浏览器) was downloaded in March 2015 from the Xiaomi mobile app store. Henceforth we will refer to this app as UC Browser (Chinese) to distinguish between versions. We downloaded the English version, henceforth UC Browser (English), in April 2015 from the UCWeb website. These two versions have differences beyond language: by default, the Chinese version uses Shenma (sm.cn) for search, while the English version uses Yahoo! India and Google; the Chinese version has links to China-based services such as Baidu, Sina Weibo, and Youku, while the English version uses services such as Google, Facebook, and Twitter.
Side-by-side comparison of UC Browser (Chinese) and UC Browser (English).
Figure 3: Side-by-side comparison of UC Browser (Chinese) and UC Browser (English).
Side-by-side comparison of permissions requested during installation of UC Browser (Chinese) (left) and UC Browser (English) (right) versions of UC Browser.
Figure 4: Side-by-side comparison of permissions requested during the allation of UC Browser (Chinese) (left) and UC Browser (English) (right) versions of UC Browser.
Figure 4 shows the permissions that the Chinese and English versions of UC Browser require when being installed on an Android device. For the purposes of this report, it is notable that the application requests access to phone status and identity, geolocation information, the ability to read Web bookmarks and history, as well as to extensive networking information. As discussed further in the report, UC Browser (Chinese) accesses phone identity and geolocation information and transmits it insecurely.
Table 1 summarizes the two versions of UC Browser we analyzed:
PlatformVersion (Language)VersionDate DownloadedSource
AndroidUC Browser (Chinese) (UC浏览器)10.2.1_161March 12, 2015Xiaomi App Store: http://app.mi.com/detail/1363
AndroidUC Browser (English)10.4.1.565April 10, 2015Direct from UC website: http://www.ucweb.com/ucbrowser/download/android.html

3.1 UC Browser (UC浏览器) Chinese language version 10.2.1_161

This section describes our findings from analyzing the Chinese language version of UC Browser (UC浏览器), downloaded from the Xiaomi mobile app store. Our test results are summarized in Table 2:
Table 2: Summary of test results for UC Browser (Chinese).
TestModeResults
Idle testCell only
  • The AMAP component of UC Browser (Chinese) contacts apilocate.amap.com, and sends user and device identifiers (IMSI, IMEI) and location data (cell tower data) with easily circumvented encryption.
  • The Umeng component of UC Browser (Chinese) sends device identifiers (including IMSI, IMEI, Android ID) without encryption.
Idle testCell + Wi-Fi
  • The AMAP component  sends, with easily circumvented encryption, the same data as noted in the row above (“Cell only” mode). In addition, it sends device Wi-Fi MAC address, SSID, and MAC address of the Wi-Fi access point to which the user is connected, and nearby wireless access points.
  • The Umeng component sends the same device identifiers as noted in the row above (“Cell only” mode), with the addition of the device Wi-Fi MAC address, without encryption.
SearchCell only & Cell + Wi-Fi
  • Search queries using the search bar are sent to Alibaba’s Shenma search engine without encryption.
Data storageCell only & Cell + Wi-Fi
  • After clearing the application’s private data, the cached record of DNS lookup data remains.

Idle test

In our first test, we launched the application, let UC Browser (Chinese) idle for 270 seconds, and collected all network traffic sent to and from the device. We then analyzed that traffic to determine what data was being sent and its destination. We performed the test first by connecting the mobile device to the Internet using a cellular connection, and, second, by connecting the device to the Internet using a Wi-Fi network.

Testing UC Browser (Chinese)’s Cellular-Only Communication

Upon starting the application, the application communicated with the following hosts over HTTP:
Hosts communicated with by UC Browser (Chinese) within 270 seconds of launching the app
Figure 5: Hosts communicated with by UC Browser (Chinese) within 270 seconds of launching the app

Easily decrypted data sent to AMAP

As seen in Figure 5, the majority of communications (57% of HTTP packets in our 270-second sample) are between the application and apilocate.amap.com. AMAP is a mobile mapping application that was originally developed by Autonavi, a company acquired by Alibaba in April 2014. AMAP is estimated to have more than 100 million users.
Investigating these communications further, we saw that a typical exchange with apilocate.amap.com looked as follows:
Sample communication between UC Browser (Chinese) and apilocate.amap.com. The user-agent string indicates this communication is from “AMAP Location SDK Android 1.0.5.” We have redacted personally identifiable data.
Figure 6: Sample communication between UC Browser (Chinese) and apilocate.amap.com. The user-agent string indicates this communication is from “AMAP Location SDK Android 1.0.5.” We have redacted personally identifiable data.
As we were interested in determining what, if any, data the application transfers from the device, the block of data sent to apilocate.amap.com was of interest. We used a freely available tool, pyhttpextract, to decipher the contents of this encoded data block. After using this tool, we saw that UC Browser (Chinese) sent the following data to apilocate.amap.com:
Deciphered communication between UC Browser (Chinese) and apilocate.amap.com. Personally identifiable data redacted with asterisks.
Figure 7: Deciphered communication between UC Browser (Chinese) and apilocate.amap.com. Personally identifiable data redacted with asterisks.
The encoded data sent within the ‘<sreq>’ structure intrigued us because it was a relatively large block of data. Its size suggested that it might contain user data. To confirm if user data was present we first analyzed how the data was encrypted. Using apktool we decompiled UC Browser (Chinese) to see how the application created and serialized the ‘<sreq>’ structure. After decompiling, we looked for the string ‘sreq’ in the outputted code and found this in a directory associated with the com/apps class (Android programs often incorporate a mix of components, called classes, sometimes from different developers).
Since the com/aps/* directory serializes the ‘sreq’ structure in which we were interested, we next examined this directory to see which .smali files (code format used by Android) translated to which .java filenames:
Mapping of smali files in com/aps directory to java source code.
Figure 8: Mapping of small files in com/apps directory to java source code.
We examined the file Aes.java in searching for the component of the application that encrypted data in the ‘sreq’ structure (AES is a widely used form of encryption). The file showed that encryption was performed using symmetric AES/CBC encryption that used the hard-coded key ‘autonavi_amaploc’. The encryption process is shown in Figure 9:
Aes.java smali code showing AES/CBC encryption with a hard-coded key.
Figure 9: Aes.java small code showing AES/CBC encryption with a hard-coded key.
The use of symmetric encryption with a hard-coded key means that anyone who knows the key can decrypt UC Browser (Chinese) traffic in transit. Moreover, key holders can also retroactively decrypt any historical data that they have collected or obtained.
We used a standard AES decryption tool to decrypt the ‘sreq’ data structure in order to demonstrate that retroactive decryption was possible. After formatting the structure for readability, the data sent looked as follows:
Decrypted data sent via AMAP service. Personally identifiable data redacted with asterisks.
Figure 10: Decrypted data sent via AMAP service. Personally identifiable data redacted with asterisks.
The data sent to apilocate.amap.com included a number of unique identifiers. The first set referred to the mobile device itself: the IMSI, IMEI, and unique user data related to this installation of UC Browser (Chinese). The second set referred to details of the cell tower to which the device is connected: the Mobile Country Code (MCC), Mobile Network Code (MNC), Location Area Code (LAC), Cell Tower ID, and the cell tower signal strength. In aggregate, these sets of information can be used to identify the cellular subscriber, the physical handset, and the physical location of the device.
After transmitting this location information, the application received an unencrypted response that included the longitude/latitude of the user (the ‘cenx’ and ‘ceny’ values seen below), as well as the specific street name where the user was located, as shown below in Figure 11:
Unencrypted response received by UC Browser (Chinese).
Figure 11: Unencrypted response received by UC Browser (Chinese).
Such identifications are problematic because, using the information and the rate at which the application transmits it, we can determine a cell tower location with considerable accuracy and thus geolocate the person using the application. As an example, we were able to pinpoint the location of our lab where we conducted the testing, as shown in Figure 12:
Example of location identified from MCC, MNC, LAC, and CellID.
Figure 12: Example of the tion identified from MCC, MNC, LAC, and CellID.
In summary, we strongly suspect that AMAP is the component of UC Browser (Chinese) that is responsible for transmitting the geolocation information. Our belief is based on the fact that the user-agent string (“AMAP Location SDK Android 1.0.5”), the location where the data is sent (apilocate.amap.com), and the text of the hard-coded key (‘‘autonavi_amaploc”) all reference AMAP. Given the apparent integration between AMAP and UCWeb,we believe that it is likely that AMAP was incorporated into UC Browser (Chinese) to provide mapping and geolocation functionality.

Unencrypted data transfer to Umeng

As seen in Figure 5, UC Browser (Chinese) also periodically contacted utop.umengcloud.com and upoll.umengcloud.com when idle. Umeng is a mobile analytics service that is reportedly used by over 180,000 applications. It was purchased by Alibaba in 2013. The data structure sent, unencrypted, to utop.umengcloud.com hosts looked as follows:
GET request made to utop.umeng.cloud with a cellular Internet connection showing that application sends IMSI, IMEI, Android ID, and build serial number without encryption. Personally identifiable data redacted with asterisks.
Figure 13: GET request made to utop.umeng.cloud with a cellular Internet connection showing that the ication sends IMSI, IMEI, Android ID, and build serial number without encryption. Personally identifiable data redacted with asterisks.
A number of unique personal identifiers are included in this data structure. This included the IMEI, IMSI, device Android ID (‘c6’), and the build serial number (‘c5’). Like AMAP, we believe it is likely that Umeng was incorporated into UC Browser (Chinese) to provide in-app analytics.

Testing UC Browser’s Wi-Fi Communication

Easily decrypted data sent to AMAP

Upon starting the application and letting it idle for 270 seconds while connected to a Wi-Fi network, we found that UC Browser (Chinese) sent the same easily-decrypted user data seen in Cell only communication. However, in addition the application sent data about nearby Wi-Fi access points, including their MAC address. These data elements are identified in Figure 14:
Data sent by UC Browser (Chinese) to AMAP when Wi-Fi is enabled. Personally identifiable data redacted with asterisks.
Figure 14: Data sent by UC Browser (Chinese) to AMAP when Wi-Fi is enabled. Personally identifiable data redacted with asterisks.

Unencrypted data transfer to Umeng

When connected to a Wi-Fi network, personal user data is also sent unencrypted to Umeng. In addition to the data sent while connected to a cell network, the application also sent the device’s Wi-Fi MAC address. Figure 15 shows a sample of traffic sent to utop.umengcloud.com while connected to a Wi-Fi network:
Traffic sent to utop.umengcloud.com during idle. Personally identifiable data redacted.
Figure 15: Traffic sent to utop.umengcloud.com during idle. Personally identifiable data redacted.
Re-formatting the above traffic for readability shows the following GET request to utop.umengcloud.com:
GET request made to utop.umengcloud.com with Wi-Fi enabled showing that IMSI, IMEI, Android ID, and device Wi-Fi MAC address are sent unencrypted. Personally identifiable data redacted with asterisks.
Figure 16: GET request made to utop.umengcloud.com with Wi-Fi enabled showing that IMSI, IMEI, Android ID, and device Wi-Fi MAC address are sent unencrypted. Personally identifiable data redacted with asterisks.
In summary, when connected to a Wi-Fi network, the IMSI, IMEI, Android ID, and Wi-Fi MAC address are sent unencrypted by UC Browser (Chinese) to umengcloud.com.

Examining the Search Functionality of UC Browser (Chinese)

The Chinese version of UC Browser uses the mobile search engine Shenma, a joint venture between UCWeb and Alibaba. Search queries that are entered into the search bar were sent without encryption to http://m.sm.cn, as seen in Figure 17:
Search for “cntower” using Shenma mobile search engine via UC Browser (Chinese) search bar.
Figure 17: Search for “cntower” using Shenma mobile search engine via UC Browser (Chinese) search bar.

Insecure Data Deletion in UC Browser (Chinese)

As part of our research we conducted tests to determine what, if any, personal user data was stored on the device. We began by selecting the option in the application allowing users to delete private information from the device, such as cookies and browser history. After selecting this option, we examined whether user data remained on the device by checking the cache directory for the application. While most user data was deleted, a record of the application’s DNS lookups remained, as shown in Figure 18:
DNS records found in cache after private information was deleted.
Figure 18: DNS records found in cache after private information was deleted.
This DNS data was stored in the cache as a serialized LinkedHashMap, and persisted even after all other data in the cache had been cleared using the application’s feature to clear private browsing data. There was sufficient plaintext remaining that the records could be read using a simple text editor. In other words, even if a user attempts to clear browsing records their personal data remains available for scrutiny and can be trivially accessed.

3.2 UC Browser (English) language version 10.4.1.565

We next conducted tests of the English language edition of UC Browser version 10.4.1.565. This version was downloaded as an APK directly from the UCWeb English-language website. Our test results are summarized in Table 3:
Table 3: Summary of test results for UC Browser (English).
TestBothResults
Idle testCell only & Cell + Wi-Fi
  • No issues identified
SearchCell only & Cell + Wi-Fi
  • Search queries sent through the search bar are sent unencrypted to Yahoo! India
  • Search queries sent through the address bar are sent unencrypted to Google
Data storageCell only & Cell + Wi-Fi
  • No issues identified

Idle test

We performed the same idle test described previously with the English language version: the application was launched, left idle for 270 seconds, and all traffic sent to and from the device was collected. We first performed the test by connecting the mobile device to the Internet using a cellular connection and, second, by connecting the device to the Internet using a Wi-Fi network.
Our analysis showed that UC Browser (English) did not send and receive traffic through the AMAP or Umeng component as in the Chinese language version. We were not able to identify any easily decrypted traffic sent in the English language version.

Search

UC Browser (English) has two methods for performing web searches. The first method is by tapping the “Search” button shown in the upper-right hand corner of the application. The second method is by entering a search term in the address bar to the left of the search button. Both of these methods can be seen in the following screenshot:
Screenshot of search features of UC Browser (English). Both the “Enter URL” and “Search” fields can be used to perform a web search.
Figure 19: Screenshot of search features of UC Browser (English). Both the “Enter URL” and “Search” fields can be used to perform a web search.
We performed searches through both methods and observed the traffic sent and received by UC Browser (English). Performing the search through the search bar sent data unencrypted to Yahoo! India search, as shown in this packet capture:
Packet capture of search for ‘toronto bluejays’ (highlighted in blue) performed using search bar in UC Browser (English). Search query is sent unencrypted to Yahoo! India.
Figure 20: Packet capture of search for ‘toronto bluejays’ (highlighted in blue) performed using search bar in UC Browser (English). Search query is sent unencrypted to Yahoo! India.
In addition, the results of such a search are displayed with a green checkmark at the far left of the search bar:
Search results for an unencrypted search to Yahoo! India with a green checkmark.
Figure 21: Search results for an unencrypted search to Yahoo! India with a green checkmark.
The use of this green checkmark could lead to some confusion with users, as most web browsers use a green icon to the left of the search bar to reflect an encrypted connection. UC Browser (English) displays a green padlock to the left of the browser bar if the HTTPS-encrypted version of a site is opened manually in a browser.
Next, we performed a search by entering a search term in the address bar of UC Browser (English). This search was sent unencrypted to Google search:
Packet capture of search for “go jays” (highlighted in blue) performed using the address bar of UC Browser (English).
Figure 22: Packet capture of search for “go jays” (highlighted in blue) performed using the address bar of UC Browser (English).
In summary, both methods of performing a search in UC Browser (English) sent the search query unencrypted to either Yahoo! India or Google. The standard web version of each of these search engines uses HTTPS encryption by default.

Data storage

Finally, we analyzed how UC Browser (English) stored personal user data on the device. The English language version, unlike the Chinese language version, did not store DNS lookup data as part of the private browsing data. Further, using the option within the application to delete private browsing data did delete all such data.

Section 4 – UC Browser Leaks Sensitive User Data

Our analysis shows that both versions of UC Browser leak information to third parties, but that privacy and security concerns for the Chinese language UC Browser are much greater. The Chinese UC Browser version we tested (“UC Browser (Chinese)” in this report) leaks a significant amount of personally identifiable information, raising major security and privacy concerns. The leakage of the IMSI, IMEI, and geolocational information can identify a cellular subscriber, the device that they are using, and their specific location. As a result of the weak encryption used by UC Browser, any party with access to the data traffic — either real-time or historical — can link specific devices to specific places at specific times. And if the decrypting party has a large volume of data they can track subscribers vis-a-vis their mobile devices as they move around the world.
Just by installing and opening UC Browser (Chinese), users unwittingly expose a significant number of personal identifiers and location information to numerous third parties. Although users must agree to grant the application permission to access personal identifiers and location data, it is not made clear to the user how this data will be shared. This exposed information includes:
  • Device info sent unencrypted: IMSI, IMEI, Android ID, and Wi-Fi MAC address
  • Search queries sent unencrypted
  • Location data received unencrypted: longitude/latitude and street name
  • Device and location sent with breakable encryption: IMSI, IMEI, MCC, MNC, LAC, CellId, nearby cellular towers and Wi-Fi access points
In many political jurisdictions (including China and India) it is common for authorities to require telecommunications companies, cellular providers, and Internet cafes to share the data they collect with security agencies as a condition of obtaining an operating license. By leaking a large volume of fine-grained data points to multiple network operators, the UC Browser app is increasing the risks to its users that such data may be used against them by authorities, criminals, or other third parties.
The data leakages we outline are particularly problematic for individuals who use their devices to engage in sensitive communications or for whom disclosing their physical location could place them at increased risk. Similarly, individuals concerned with protecting sensitive activities related to their work while traveling or communicating should be concerned about the potential for industrial espionage.
While we concluded that UC Browser (English) leaks considerably less identifying information, users might be surprised to realize that, despite the presence of an icon suggesting security in one of the search bars, their search terms are transmitted without encryption to Google and Yahoo! India servers.

On the issue of mobile security and privacy

Ultimately, the concerns identified here with respect to UC Browser demonstrate the larger challenges of ensuring user security and privacy within the burgeoning market for mobile applications. The mobile ecosystem is complex and multi-layered, involving large volumes of personally identifiable information that are transmitted across networks, devices, operating systems, and applications owned and operated by numerous private companies across many political and regulatory jurisdictions. Such a complex system underscores the importance of systematically evaluating the privacy and security of mobile communications as they become integral to the everyday lives of individuals and communities worldwide.

Would Encryption Solve UC Browser’s Problems?

We have highlighted the lack of encryption for personally identifiable data as a key reason for concern over UC Browser. Encrypting data that is this sensitive certainly represents an industry best practice, and it is unclear why only the English version seems to implement encryption consistently. Modifying the Chinese version to match the encryption used in its English counterpart could be an important step in increasing user security, as would encrypting queries to Google and Yahoo! India in the English version.
However, even if all data were strongly encrypted, this step would simply simply make it more difficult for unauthorized parties to read the contents of data transmissions. Encrypting sensitive user data can limit the number of actors who can access the data but does not prevent the inappropriate collection, retention, and analysis of the data by application developers and their commercial partners. Put bluntly: increases in transport security do not necessarily improve corporate data handling practices.
The core advantage of better encrypting data traffic is to engage, and hopefully make more transparent, the processes that government agencies and other third parties must engage in to access information that is collected, retained, and processed by application developers. In many jurisdictions, authorities will first have to obtain a court order before lawfully accessing the application developers’ data. Nevertheless, when data is held in jurisdictions where this process is not enshrined, or where there are strong incentives to share the data, encryption alone does not solve the problem.

Baidu Map — Satellite Images of Baidu

original name: Baidu
geographical location: Fuqing, Fujian, China, Asia
geographical coordinates: 25° 43' 43" North, 119° 26' 24" East


detailed map of Baidu and near places

Google Local — Baidu mapWelcome to the Baidu google satellite map! This place is situated in Fuqing, Fujian, China, its geographical coordinates are 25° 43' 43" North, 119° 26' 24" East and its original name (with diacritics) is Baidu. See Baidu photos and images from satellite below, explore the aerial photographs of Baidu in China. Baidu hotels map is available on the target page linked above.

Post a comment

0 Comments

Contact form

Search This Blog

Categories

Translate

About Us