Maxthon spies the users

July 19, 2016

Maxthon browserAccording to the Exatel and Fidelis Cybersecurity, browser Maxthon created by Maxthon International Limited is insecure. The browser collects private information of the users even if they disallow doing it. Gathered data is transferred to the remote server in China.

They say the problem is connected with the option User Experience Improvement Program (UEIP) built-in in the browser Maxthon. The option allows gathering analytical data about application usage. All the companies are considered to do the same including Firefox and Chrome, but Maxthon differs a little bit.

As experts have stated, the browser collects more information than it is necessary. Maxthon is interested in following data: operating system version, screen resolution, processor horsepower, storage capacity, file allocation, pop-up blocker, what home page is, browsing history of a user, search history in Google, installed programs.

Polish company Exatel reports that all the data is packed in file “” which is constantly reported to the server in China. It is performed by the browser itself using HTTP. There’s a coded file “dat.txt” inside. The researchers managed to bypass the code AES-128-ECB using the password «eu3o4[r04cml4eir» which was found out in the codes of Maxthon. There was above-listed information inside the file.

Since the developers of Maxthon didn’t answer the questions from Exatel, the ordinary users tried to know the truth. Replying Maxthon has promised that users can deny taking part in UEIP, so the application will gather less data and not affect private information.

But the last research has shown it is false. The experiment has been conducted. According to it, the option of gathering data was deactivated to check what kind of information would be transferred by the browser. Unfortunately, nothing has changed after deactivation.

After publishing in press, the developers of the browser decided to state that they were pursuing investigation to solve the problem.