Incognito mode browsing in any web browser is often misunderstood. An ongoing case against Google highlighted this with the company reiterating that it simply indicates that data isn't being saved to your device or browser, but it doesn't represent complete anonymity on the web.
Time will tell how that case plays out for Google, but a new report by security researcher, Gabi Cirlig, has identified a more blatant violation by one of the most popular web browsers on Android and iOS. They've discovered data on every website the user visits being sent back to the company's servers even in incognito mode (via Forbes).
- Best smartphones in 2021
- Apple AirTag review: Quickly and easily find any lost item
- The best cell phone deals in June 2021
The browser is called "UC Browser" and it is owned by the multi-billion dollar Chinese company, Alibaba. The browser has over 500 million downloads on Android alone and according to the GlobalStats statcounter it is the fourth most popular mobile browser in the world behind Chrome, Safari and Samsung Internet.
While the browser claims that no web browsing or search history will be recorded when using incognito mode, Cirlig along with two independent security researchers through Forbes indicated that every website is being recorded and sent to servers owned by the company. Cirlig further asserts that the IP address and an ID number associated with each user is part of the data, which he says "could easily fingerprint users and tie them back to their real personas."
Turning exclusively to the iOS app for a moment, the company failed to update any of its privacy practices in the App Store following the recent feature update requiring every app to do so. While this information was later added, it still failed to disclose anything about monitoring of users' web browsing. Although the English version of the iOS app has subsequently been removed from the App Store, a Chinese-language version remains.
On Android, the app remains available to download and there has been no response so far from any of the companies involved. While there is no specific implication that something nefarious is being done with this data, it is clearly disingenuous behavior and at least appears to be a violation of user privacy. If you have the UC Browser installed on any of your iOS, iPadOS or Android devices you should strongly consider uninstalling and switching to an alternative. If you are trying to avoid Chrome or Safari and are looking for a strong privacy-focused mobile browser Duck Duck Go, Firefox and Brave are all solid options.