Although some problems were solved, others still remain.Ĭitizen Lab researcher, Ron Deibert, sent inquiries to TenCent about their data collection activity and whether these actions were done in support of nation state directives. These vulnerabilities were disclosed to TenCent Februand several updates to address these vulnerabilities were released March 2016. This weakness could allow threats to trick users into downloading malware on to their mobile devices.
#QQ BROWSER UPDATE#
The collection of this information by TenCent is concerning especially with the lack of cybersecurity controls in place.Īnother problem is the fact that the update mechanism in the QQ browser is not secured. The collection of information using weak encryption or lack thereof can lead to spying by the user’s ISP, wireless network operator, mobile carrier, malicious actors, or a government agency. This transmission of data is all done without encryption or with weak encryption.
#QQ BROWSER SERIAL#
The Windows version of QQ sends out the URLs of all visited webpages, the user’s hard drive serial number, MAC address, Windows hostname, and Windows user security identifier.
#QQ BROWSER ANDROID#
The Android version of QQ shares “personally identifiable data, including a user’s search terms, the URLs of visited websites, nearby WiFi access points, and the user’s IMSI and IMEI identifiers, without encryption or with easily decrypted encryption.” What most people don’t know is that the mobile browser shares a large amount of personal information about the user, and the app also leaves the user open to malware that can be installed on their phones. The QQ mobile browser is available on both Android and Windows Mobile phones. With a small team, TechNode provides timely news and thoughtfully researched articles for worldwide readers interested in learning more about the Chinese tech industry.Researchers at the Citizen Lab in the of Toronto’s Munk School of Global Affairs have found several problems related to the use of Chinese Company TenCent’s QQ Mobile Browser.
According to media reports, the plaintiff in the injunction case holds a doctorate in law in daring to stand up against major player Tencent, he could inspire other, more rigorous challenges to internet companies’ lackluster user privacy protections. While official censure of tech companies both large and small for over-collecting user data is becoming more common, legal backlash from individual users is less so. However, they may lead to further scrutiny surrounding possible privacy violations by Tencent, especially if the plaintiff follows up with a lawsuit. Why it’s important: An injunction doesn’t carry the same weight as a lawsuit, and its alleged withdrawal throws further doubt about whether the claims are true. Tencent told Chinese media that the injunction has since been withdrawn as of Wednesday midday, the company had not yet responded to TechNode’s request for further details. Furthermore, he wasn’t able to delete the data from the QQ browser. According to the filing, the plaintiff did not give his consent to share user information across platforms, but noticed after logging into the browser via both accounts that personal data such as his profile photos, contacts, gender, birthdate, or geographic location were automatically synced. The app is separate from the tech titan’s popular social platforms WeChat and QQ, although users have the option to log in using their accounts on either service. What happened: In late May, a man in Jiangxi province filed an injunction against Tencent due to perceived violations of his privacy by the company’s QQ browser.
0 kommentar(er)
