Clean Master collected browsing data from over a billion Android devices

Clean Master collected browsing data from over a billion Android devices

Android app using browsing data

Clean Master, a popular antivirus and private browsing app that enjoyed over a billion downloads on the Google Play Store, was recently found collecting web browsing details of Android users.

The app was among six hundred applications kicked out by Google from its Play Store in February for various violations of Google’s terms and conditions. However, according to Forbes, Clean Master continues to remain one of the most downloaded apps on the Play Store and is likely running on more than a million devices.

While Google chose not to comment in regards to the application, Gabi Cirlig, a cyber security researcher at White Ops, told Forbes that there is evidence of Clean Master collecting users’ web browsing details illegally. These details include search engine queries of users, which websites they are browsing via “private” browser, the search patterns of the visited websites and Wi-Fi access point names.

“Technically speaking, they have a privacy policy that covers kind of everything and gives them a blank check to exfiltrate everything. I can’t know for sure what they’re infringing upon. It’s just that they are playing ball in a gray area and it’s up to researchers like us to stand up and call foul whenever they think that they cross the line. I personally think that they cross the line,” Cirlig said.

Several apps from Cheetah Mobile, including Clean Master, collected browsing data from Android phones

Cheetah mobile, the Beijing-based creator of Clean Master, said they needed to store the user details to keep them safe and offer them useful services. Cirlig claims that three other Cheetah products – namely CM Launcher, CM Browser and Security Master- keep tabs on users’ web activities and data collected by these apps are encrypted by Cheetah Mobile and stored in a web server named

Cheetah’s spokesperson told Forbes that they are accumulating user data, web traffic and WIFI network names mainly to ensure the websites visited are safe and that users are not connected to harmful Wi-Fi networks. “We do not collect data to track users’ privacy and we have no intention to do that,” he added.

In response to this, Paul Bischoff, Privacy Advocate at Comparitech, told Teiss that the significance of Clean Master’s ban from Google Play shouldn’t be understated as Cheetah Mobile has been the third-biggest Android app publisher on Google Play behind only Facebook and Google itself.

“Clean Master was its most popular app to date, once the sixth-most downloaded Android app in the world. Long before TikTok caught on, Cheetah Mobile was one of the only Chinese app makers to successfully break into markets outside of China, accounting for 50% of its user base. Most of these users were owners of cheap Android phones who used Cheetah Mobile’s utility apps to boost speeds and free up memory.

“These apps claim to require intrusive permissions to function, giving Cheetah unfettered access to info about its users. Cheetah Mobile also acquired three western ad networks. I suspect it harvested data from users to feed its advertising algorithm, and at some point stepped over the line of what’s acceptable to Google. Given the company’s record of other apps being banned, I wouldn’t touch any Cheetah Mobile app with a ten-foot pole,” he added.

ALSO READ: BeiTaAd adware that renders smartphones unusable found in 238 Play Store apps

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]