The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.
According to a Google support document regarding Google Play "
Privacy, Security, and Deception", Android apps "distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play."
"Anyone who has installed this software may be in danger. Doctor Web has detected its hidden ability to download auxiliary components from the Internet," as detailed in Doctor Web's analysis. "The browser receives commands from the command and control server and downloads new libraries and modules, which add new features and can be used to update the software."