LASER_oneXM

Level 33
Verified
The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.

According to a Google support document regarding Google Play "Privacy, Security, and Deception", Android apps "distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play."

"Anyone who has installed this software may be in danger. Doctor Web has detected its hidden ability to download auxiliary components from the Internet," as detailed in Doctor Web's analysis. "The browser receives commands from the command and control server and downloads new libraries and modules, which add new features and can be used to update the software."
 
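Added example, not part of the posts in this thread or of Doctor Web's analysis: a defender-side check over proxy records that flags downloads of the executable formats named in the Google Play policy quote (dex, JAR, .so) when they arrive over cleartext HTTP or from a host other than the store. The host names, the `STORE_HOSTS` allowlist and the sample records are constructed assumptions.

```python
from urllib.parse import urlparse

# Leading bytes of the executable formats named in the policy quote.
# A JAR/APK is a ZIP archive, so ordinary ZIP files match as well.
MAGIC = {
    b"dex\n": "dex",
    b"\x7fELF": "so (ELF)",
    b"PK\x03\x04": "jar/apk (zip)",
}
EXEC_SUFFIXES = (".dex", ".jar", ".so", ".apk")

# Assumption: hypothetical host standing in for the store's delivery channel.
STORE_HOSTS = {"store.example"}

def payload_kind(url, head):
    """Identify executable content by magic bytes first, file name second."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    path = urlparse(url).path.lower()
    for suffix in EXEC_SUFFIXES:
        if path.endswith(suffix):
            return suffix.lstrip(".") + " (by name)"
    return None

def review(records):
    """Return (url, kind, reasons) for each executable download of concern."""
    findings = []
    for url, head in records:
        kind = payload_kind(url, head)
        if kind is None:
            continue
        parts = urlparse(url)
        reasons = []
        if parts.scheme != "https":
            reasons.append("cleartext transport")
        if parts.hostname not in STORE_HOSTS:
            reasons.append("not from store")
        if reasons:
            findings.append((url, kind, reasons))
    return findings

# Constructed sample: (request URL, first bytes of the response body).
SAMPLE = [
    ("http://updates.example.net/modules/core.bin", b"\x7fELF\x02\x01\x01"),
    ("https://store.example/app/base.apk", b"PK\x03\x04\x14\x00"),
    ("http://cdn.example.org/img/logo.png", b"\x89PNG\r\n"),
    ("https://updates.example.net/plugin/video.dex", b"dex\n035\x00"),
]
```

The magic-byte check is what catches the first record, where a native library is served under a `.bin` name that a suffix-only filter would miss.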

spaceoctopus

Level 15
Verified
Content Creator
I remember having read an article about the Indian army doing some research and analysis of apps installed on smartphones. Most of these apps had serious security flaws and backdoors, and most of them were from China. Some well-known and popular products such as Cleanmaster and DU optimizers and battery savers, and among them UC web browsers.

Sadly, it's exactly for the reasons that make this browser shady that people love to use it. Nice interface, lots of bells and whistles, fast downloads, video downloading, the ability to make money. It is particularly popular in poor and developing countries. Adding all these features in a small browser like that needs a lot of resources and data. Obviously the reason why it talks to a lot of IPs in China. Nice find by DrWeb (y)