BEIJING—Western intelligence agencies explored tapping Google Inc. and Samsung Electronics Co. mobile-software stores as well as a mobile Web browser now owned by China's Alibaba Group Holding Ltd., according to a document leaked by former U.S. contractor Edward Snowden.

The news comes two years after Mr. Snowden's disclosures prompted U.S. technology companies to call on Washington to reform surveillance practices, while it has also fueled criticism from U.S. allies such as Germany. With the mobile browser, called UC Browser and popular in much of Asia, the disclosure comes as cybersecurity becomes a source of increasing tensions between Washington and Beijing.

Spokesmen for Google and Samsung declined to comment.

An Alibaba spokeswoman said the company hasn't seen the document but that it had no evidence that any user information has been taken. To address concerns, Alibaba's UCWeb mobile-browser arm has asked UC Browser users to update their software to the latest version, Alibaba said.

"We strongly object to anyone who might seek to target our users' data or personal information," a spokeswoman said.

The document was reported on Thursday by the Intercept—a news website that has been a conduit of leaks from Mr. Snowden, a former U.S. National Security Agency contractor—and Canada's CBC News. The NSA has said its operations are "strictly conducted under the rule of law."

The document, a slide presentation describing work done in 2011 and 2012, showed that intelligence agencies including the NSA and its peers in Canada, the U.K., Australia and New Zealand discovered that they could tap connections between app servers in other countries and their customers. The document said agency officials saw the potential to launch what are called man in the middle attacks, in which a person's electronic device is tricked into thinking it is relaying data to a legitimate destination. It also cited the potential for "harvesting data at rest" and "harvesting data in transit."

The document cites "fingerprints deployed" in Samsung and Android Marketplace servers, without explaining the term. Android Marketplace is now called Google Play.

With UC Browser, the agencies also found that the app was leaking information such as codes that could identify users of cellular networks, their mobile phone numbers, SIM card numbers and device details, the document indicated.

The agencies' spies found that unspecified operatives responsible for covert activity in Western countries used the app as a secret channel to discuss their operations, according to the document. In it, this channel is described as providing a spying opportunity "where potentially none may have existed before." In the document, which both news outlets posted online, the details about the operatives and their country of origin have been redacted.

The governments and embassies of the U.S., Australia, New Zealand and Canada didn't immediately respond to emailed requests for comment. The U.K. embassy in Beijing said the government doesn't comment on intelligence matters.

Besides China and India, UC Browser is also popular in Pakistan, Indonesia and Russia, according to the website of the browser's operator, UCWeb. The activity and weaknesses described in the document predate Alibaba's acquisition of a majority stake in its parent, UCWeb, in 2013. It now owns the entire company.

Citizen Lab, a Toronto-based human rights research group, in a report Thursday said its researchers found that UC Browser poorly secured data that was transmitted by the app. It said the app used weak or no encryption, allowing for leaks of information that could identify users, their locations, their devices, and the search queries that they have made.

The group said it launched the analysis after being approached by CBC News and the Intercept but that it didn't know whether the problems it identified were the same as those referred to in the document provided by Mr. Snowden.

Citizen Lab said it disclosed its findings to Alibaba and UCWeb last month and that it tested the latest version of the app downloaded from UCWeb's China site on Tuesday. It found that that version of the app didn't appear to send location data insecurely but that other issues remained, such as the lack of encryption on search queries. Alibaba didn't immediately respond to a request for comment about Citizen Lab's findings about the updated app.

Jonathan Cheng in Seoul contributed to this article.

Write to Gillian Wong at gillian.wong@wsj.com

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P5089

Access Investor Kit for Google, Inc.

Visit http://www.companyspotlight.com/partner?cp_code=P479&isin=US38259P7069

Subscribe to WSJ: http://online.wsj.com?mod=djnwires

Alibaba (NYSE:BABA)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Alibaba Charts.
Alibaba (NYSE:BABA)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Alibaba Charts.