UC Browser exposed 600 million Android users to MITM attacks

UC Browser is the most famous internet browser on the Google Play Store after Chrome. It has 500 million-plus downloads of main UC Browser and 100 million downloads of UC Browser Mini on all android devices. According to the report, all the users of UC Browser android applications are at risk since it has exposed them to the MITM attacks.

The MITM attack is a man-in-the-middle attack in which the attacker comes between the user and application. The attacker can also alter the communications between the two parties.

The flaw was pointed out by researchers of ZScaler, as they discovered that after downloading APKs from third party store away gets opens for MITM attacks that puts 600 million android users on risk. While investigating the issue they found out that the browser makes requests for additional APK from a specific domain “9appsdownloading”.

This activity violates the Google Play Store policy, as it says “An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine and has limited access to Android APIs (such as JavaScript in a webview or browser).”

The APK file downloaded from a third-party app store 9Apps by the package name of com.mobile.indiapp, allows the attacker to perform harmful activities in the device. Once you install the application, it starts scanning the phone and allows more applications to install from a third-party app store with the domain of 9appsdownloading.

Google confirmed that it has taken action on the issue and also contacted the UCWeb to “update the apps and remediate the policy violation.”