TORONTO – A popular web browser in China may be putting the personal information of hundreds of millions of users at risk, a new report has found.
Tencent’s QQ browser has 853 million monthly active users, according to the company’s most recent public figures. The majority of its users live in China and other countries in Asia.
The browser’s Android and Windows versions send personal data to the company’s servers either without encryption or with encryption that can be easily decrypted, according to a report from the Citizen Lab, based at the University of Toronto’s Munk School of Global Affairs. This personal data includes the URL addresses of visited sites.
READ MORE: Beginner’s guide to protecting your information online
A public wifi network or another third party could acquire users’ personal data by collecting traffic and decrypting the information.
The report also exposed privacy vulnerabilities in how the two browser versions update software. Someone could spoof such an update and install malicious code, like a spyware program, on a QQ browser user’s device, the authors found.
QQ browser users generally would not be aware of these risks, the authors wrote, and would likely be concerned about the privacy breach if they knew.