Apps with security provisions are able to provide confidentiality through end-to-end encryption. All Rights Reserved.Instant messaging applications (apps) have played a vital role in online interaction, especially under COVID-19 lockdown protocols. QQ Tencent Data Security About Jobs Contact However, since the history version of QQ and TIM are still available and an in-app upgrade is not mandatory, users have to navigate to the Microsoft Store or QQ's official site to get the fix. The two aforementioned sites are unblocked as of today.
While emphasizing that all the data the client app read would not be uploaded or saved, the QQ team wrote on Zhihu that "we feel deeply sorry for this, and we are looking to fix security issues in the past and will maintain user data regulation first in the future." A warning sign that reads "harmful website, you shall not visit" is displayed as the user clicks corresponding links inside the QQ chat window, both on desktop and mobile. As for WeChat, Tencent's primary mobile superapp, there is also no evidence yet that it exhibits such behavior.ĭeveloper community V2EX and security forum Pediy were believed to be blocked on QQ soon after discussion threads on the two sites gained traction.
While QQ and TIM was able to do so on Windows, a series of tests showed that platforms like macOS and mobile were not affected. The researcher did not say if QQ/TIM fetch non-Chromium browsers such as Firefox. TIM, Tencent's workplace version of QQ, also shared the code and thus collected user's browsing history as well. The code that ignited such behavior can be dated back to June 2018. all Chromium-based browsers, and even tries to extract hyperlinks. Further reverse engineering revealed that QQ reads the same files from Google Chrome, Edge, 360 Browser, i.e. Last week, a couple of security researchers noticed that the latest version of QQ for Windows tried to fetch user history files from Edge, Microsoft's first party browser for Windows 10, when it shouldn't at all since it's a standalone application to browser. Tencent explained that the QQ PC app was reading these data to help user reduce account security threats and avoid "malicious login attempts".įacing allegations that QQ, a popular IM app in China, collects users' browsing history in the background without consent, Chinese tech giant Tencent issued a rare apology, and said that it has pushed an update to fix the issue. Tencent Apologizes as QQ Found Collecting User Browser History Tencent Apologizes as QQ Found Collecting User Browser History - PingWest English 中文