According to an official in the Ministry of Electronics and Information Technology that there are complaints against the UC Browser that it sends the mobile data of Indian users to its China-based server. “Complaints have been received against UC Browser that it sends mobile data of Indian users to servers in China. The matter is being looked into,” the official said. The browser was first reported under security flaws in May 2015 by the University of Toronto. Now, it is now being looked into by the Centre for Development of Advanced Computing (C-DAC), Hyderabad. The C-DAC team is doing a technical investigation into the allegations made in the University of Toronto report. The report had claimed that the browser had several major privacy and security vulnerabilities that would expose users to surveillance and other privacy violations. Now, according to the source UC Browser sends user and device identifier data such as IMSI and IMEI numbers along with location data to a server based in China. So, whenever a device is connected to the Wi-Fi, details like the phone’s identity and access point information are sent to the remote server. UC Web also commented on the matter stating that it takes security and privacy very seriously. “At UC Web, we take security and privacy very seriously and work hard to comply with local regulations of each region we operate in… We have strong measures in place to encrypt the data while we transmit it,” the spokesperson for the company said. UC Browser is a mobile web browser developed by the Chinese Internet company UCWeb. It is owned by the Alibaba Group. It is available for Android, iOS and Windows devices. It has crossed 500 million users globally. Interestingly, UC Browser is the second most used web browser in India after Google Chrome. It claims to have over 100 million monthly active users in India.

Update

The UCWeb reacted to the reports of leaking mobile data of its Indian users and sending to China. The company on Wednesday said it would never breach the trust of its users.The company said that it was a standard industry practice to collect user information and data.“It is common practice for IT companies to place servers all around the globe to provide better service to its users. We have strong measures in place to encrypt the data while we transmit it,” the company told. It also clarified that the company took necessary authorization from users and its systems were protected by a licensing agreement. “We take necessary authorisation from users to collect this data. Our systems are protected by an end-user licensing agreement which protect the interest of our users,” the group said further.