Categories: MobileNews

UC Browser exposed 600 million Android users to MITM attacks

UC Browser is the most famous internet browser on the Google Play Store after Chrome. It has 500 million-plus downloads of main UC Browser and 100 million downloads of UC Browser Mini on all android devices. According to the report, all the users of UC Browser android applications are at risk since it has exposed them to the MITM attacks.

The MITM attack is a man-in-the-middle attack in which the attacker comes between the user and application. The attacker can also alter the communications between the two parties.

The flaw was pointed out by researchers of ZScaler, as they discovered that after downloading APKs from third party store away gets opens for MITM attacks that puts 600 million android users on risk. While investigating the issue they found out that the browser makes requests for additional APK from a specific domain “9appsdownloading”.

This activity violates the Google Play Store policy, as it says “An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine and has limited access to Android APIs (such as JavaScript in a webview or browser).”

The APK file downloaded from a third-party app store 9Apps by the package name of com.mobile.indiapp, allows the attacker to perform harmful activities in the device. Once you install the application, it starts scanning the phone and allows more applications to install from a third-party app store with the domain of 9appsdownloading.

Google confirmed that it has taken action on the issue and also contacted the UCWeb to “update the apps and remediate the policy violation.”

Sponsored
AbuBakar

Share
Published by
AbuBakar

Recent Posts

Rumors Indicate iPhone 17 May Feature Unconventional Camera Design

Apple is reportedly preparing for a significant design overhaul with its iPhone 17 series, blending…

5 hours ago

First AI-Powered Teacher Launched in Pakistan’s Private School

Karachi: A private school in Karachi has unveiled Pakistan’s first AI-powered teacher, a groundbreaking move…

7 hours ago

Yahoo Surprises Users with Its Latest Android Launcher

Third-party apps have long been a staple of the Android ecosystem, but their appeal has…

8 hours ago

Phase-II Review of PTCL-Telenor Deal Finalized by CCP

ISLAMABAD: The Competition Commission of Pakistan (CCP) has completed its Phase-II review of Pakistan Telecommunication…

8 hours ago

Xiaomi’s SU7 Achieves New Production Record, Driving Q3 Growth

Xiaomi has shattered records by producing 100,000 vehicles in just 230 days. This is nearly…

9 hours ago

Teachers Can Now Access OpenAI’s Free AI Course

OpenAI, in collaboration with nonprofit organization Common Sense Media, announced on Wednesday the launch of…

10 hours ago