UC Browser is a extremely popular web browser on android with options as well as Ad obstruction, Night Mode, Facebook Mode, etc. It presently has over five hundred million downloads, and because it seems, innumerable these users were exposed to the chance of cyberattacks.
image source : ucweb.com
A team of researchers from ZScaler discovered that UC Browser and UC Browser mini exposed users to man-in-the-middle (MiTM) attacks by downloading APKs (Android Package Kits) from third-party stores over unsafe channels.
This is an on the spot violation of Google PlayStore’s policies that apps “distributed via Google Play might not modify, replace, or update itself exploitation any methodology aside from Google Play’s update mechanism”. Apps also are not allowed to transfer workable code from sources aside from Google Play.
The researchers manually downloaded the mysterious APK file to dig deeper into the difficulty. They concluded up with another app store on the device named “9Apps” that not solely scanned the device for put in apps however enclosed many adult apps too.
The researchers reached intent on Google to report the difficulty and changed emails with the corporate till last month. Google confirmed the difficulty many days later and communicated the UC Browser’s developer (UCWeb) to “update the app and resolve the policy violation immediately”.
Soon after, UCWeb fastened the difficulty in each the browsers and Google later confirmed that the apps did so stop downloading APKs from third party sources.
0 Comments