UC Browser, the Alibaba-owned web browser, has announced a new version of its app that claims to offer 20GB free storage through its integrated cloud storage medium, UC Drive. Announced yesterday, it is also offering a lucky draw that claims to give users 20 grams of free gold during its promotional period of between January 13 and 19. The update is presently drawing considerable traction on social media, with ’20GB free storage’ presently trending on Twitter. To promote its new version, UC Browser has announced multiple partners supporting its new app and offer on Twitter, including various publications, social media platforms, streaming services and more.
UC Browser launched a new version! You can save your favourite videos to #UCDrive and watch online!
— UC Browser (@UCBrowser) January 14, 2020
Privacy and data safety concerns regarding UC Browser have refused to die down, despite it being one of the most popular web browsing apps globally. On the Google Play Store, UC Browser has over 500 million installs and is rated 4.3, and also has similar stats on Apple’s iOS App Store. As of February 2018, UC Browser had disclosed that it had over 130 million monthly active users (MAUs) in India, and has since expanded into providing perks such as curated content through its app, to draw more users on to its platform. That, though, does not safely validate its privacy credentials.
In March 2019, Russian privacy firm Dr Web had stated that UC Browser used an unsecured HTTP pathway to download additional files, which may be required for aspects such as software updates. This, as the vulnerability disclosed, could have been tapped into by threat actors, and used to send malware, ransomware and other spam links to users, who could be tricked into downloading them by considering it as official. A similar threat also surfaced later last year, when in 2019, security firm Zscaler disclosed to Google that UC Browser was still letting users download third party APKs from unsecured channels. Such a move is in full violation of Google’s Play Store app usage and update policy, which states, “Applications distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play.”
The above is a repeated and rather serious breach of basic security requirements, and the issue is further aggravated when one realises exactly how popular UC Browser is. Since the issue was reported in October 2019, UC Browser has since stated that it no longer warrants third party APK downloads from sources outside the Google Play Store, a claim that was verified by reporting cybersecurity organisation Zscaler. No reports surfaced about whether any private data was actually siphoned off using these vulnerabilities, be it directly or as an indirect effect of malware affecting device through this channel.
Privacy malpractices aside, UC Browser is a seemingly credible web browser that offers a fast and feature rich app, hence attracting high MAUs. As a result, it is easy to see why its latest offering of 20GB free storage has generated the extensive buzz on Twitter, and how this might help the app grow even more in India, one of its key markets. That said, it is UC Browser’s own precedent that acts as a deterrent, and it is important that users looking to use the app must proceed with caution with their data. With privacy coming to the fore of late, it is important that users are aware of UC Browser’s track record with handling user privacy, before choosing to use the 20GB free data that is offered to them with UC Browser’s new version.
Common knowledge of the internet affirms that nothing is really offered for free — take a look at Facebook and its data collection practices for reference. As a result, those interested in getting the free data from UC Browser should at least take time out to read UC Browser and UC Drive’s full data usage disclosures and end user license agreements, before proceeding to download the app.