Browser also fails to encrypt exfiltrated data, exposing user PII, and also features an insecure update process
Mar 29, 2016 11:00 GMT · By Catalin Cimpanu A report from the Citizen Lab at the University of Toronto reveals that the popular QQ Browser is collecting sensitive user information and sending it in an insecure manner to its servers.
QQ Browser is yet another of those heavily customized Chromium clones that are distributed by companies that have no reason to distribute browsers. In this case, it's Chinese Internet giant Tencent, who provides its QQ Browser for the Windows, Mac, Android and iOS platforms.
According to the research group at Citizen Lab, the Android and Windows versions of this browser are collecting a trove of data from its users and have design flaws that expose this information to prying eyes while in transit.
Full Article