All web browsers have vulnerabilities, but one piece of Chinese software might be eligible for the title of most insecure browser ever. Likely unbeknown to its users, QQ Browser has been transmitting identifying information—including web histories, search queries, and nearby WiFi networks—with poorly implemented or no cryptographic protection.
In a report published on Monday, researchers from Citizen Lab detailed a slew of vulnerabilities in the Android and Windows versions of the browser (QQ is also available on iOS and OSX, but they did not analyse these versions). The report notes that in 2013, QQ was the eighth most installed application in China for iOS and Android devices, and as of 2012, the app had some 16 million non-Chinese users.
Read more at Motherboard