Security researchers from Zscaler ThreatLabZ have discovered three major issues in the UC Browser app. The app downloads an additional APK from a third party, which violates Google Play policy, and it stores that APK on external storage. The major issue that leaves the app vulnerable to man-in-the-middle (MiTM) attacks is its constant communication over an unsecured channel.
Zscaler said, “The UC Browser app’s use of unsecured channels also allows attackers to install an arbitrary payload on a device that can perform a variety of activities, such as display phishing messages designed to steal personal data, including usernames, passwords, and credit card numbers.”
The security researchers reported the policy violation to the Google team on August 13th. Google acknowledged the issues discovered by the researchers and demanded that UCWeb update its app to remediate the policy violation. The company has updated and fixed the issues in both apps.
The app downloaded an APK from the 9appsdownladoing domain and saved it on external storage without installing it. This might have happened because the functionality was still under development when the app was tested, or because the test device might have met some hardcoded condition, such as a disabled unknown-sources option or a rooted device.
The researchers have also identified other APK download requests from the same domain. The process used by UC Browser makes it possible for any malicious app to access the user’s device. While it is not clear why UC developers intended to download a third-party app, this has created a significant threat for 600 million UC Browser users.
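To look for the behaviour described above on a monitored network, a defender can flag APK downloads that travel over plain HTTP. The following is an added example, not code from Zscaler's report or from UC Browser; the proxy log format, host names and addresses are constructed for illustration.

```python
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"

# Constructed proxy log lines: time client method url status content-type
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.21 GET http://apk-host.example/store/app.apk 200 application/vnd.android.package-archive
2024-01-01T10:00:05Z 10.0.0.21 GET https://cdn.example/app/update.apk 200 application/vnd.android.package-archive
2024-01-01T10:00:09Z 10.0.0.34 GET http://apk-host.example/dl?id=42 200 application/vnd.android.package-archive
2024-01-01T10:00:12Z 10.0.0.34 GET http://news.example/index.html 200 text/html
2024-01-01T10:00:15Z 10.0.0.21 GET http://apk-host.example/store/APP2.APK?src=x 200 application/octet-stream
malformed line
"""

def parse_line(line):
    """Split one log line into fields; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    keys = ("time", "client", "method", "url", "status", "ctype")
    return dict(zip(keys, parts))

def is_cleartext_apk(entry):
    """True for a successful plain-HTTP response that looks like an APK."""
    url = urlsplit(entry["url"])
    if url.scheme.lower() != "http" or not entry["status"].startswith("2"):
        return False
    # Match on either the path or the MIME type: servers often get one wrong.
    return url.path.lower().endswith(".apk") or entry["ctype"].lower() == APK_MIME

def find_cleartext_apk_downloads(log_text):
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e and is_cleartext_apk(e)]

def summarize(hits):
    """Count hits per (client, server host) so repeat sources stand out."""
    counts = {}
    for e in hits:
        key = (e["client"], urlsplit(e["url"]).hostname)
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (client, host), n in sorted(summarize(find_cleartext_apk_downloads(SAMPLE_LOG)).items()):
        print(f"{client} fetched {n} APK(s) over cleartext HTTP from {host}")
```
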