Briefing: VidMate, sold by Alibaba’s UCWeb, accused of security breaches

1 min read

A Huge Chinese Video App Is Charging People, Draining Their Batteries, And Exposing Data Without Their Knowledge – BuzzFeed

What happened: London-based mobile security firm Upstream discovered major security issues on a Chinese video-downloads app, VidMate, that potentially affected users in Egypt, Brazil, Myanmar, and other countries. The app, which supports downloads from YouTube, WhatsApp, and other platforms, was originally developed by Alibaba’s subsidiary UCWeb. It is accused of displaying hidden ads, exposing user data, draining mobile data and battery life, and subscribing users to paid services without their knowledge. VidMate responded that it is investigating the claims, and that any suspicious behavior is due to third-party partners and software development kits. In 2018, VidMate was sold to a Guangzhou-based company; app representatives claim that despite an ongoing business relationship, VidMate is independent from UCWeb.

Why it’s important: With more than 500 million installs around the world, VidMate had an audience in developing countries where downloading videos could be more convenient or reliable than streaming. However its security issues, according to Upstream, were significant: the company said it blocked 128 million “suspicious” transactions by the app worth a potential $150 million. The revelation reflects larger issues that plague China’s app ecosystem, despite or perhaps because of its rapid growth in recent years. Regulators regularly single out Chinese apps both large and small for improperly collecting user data, playing fast and loose with permissions on users’ phones, and similar violations. VidMate’s alleged violations, however, may affect a much broader audience across the world, potentially embroiling it in an ongoing international debate about the security of Chinese tech firms.