500+ Million UC Browser Android Users Exposed to MiTM Attacks. Again.
For the second time this year, security researchers discovered that the popular Android browser apps UC Browser and UC Browser Mini exposed users to man-in-the-middle (MiTM) attacks by downloading third-party components via insecure connections.
In August of this year, Zscaler ThreatLabZ researchers analyzed the two browsers, which have a total of 600 installations on the Google Play Store, only to discover that they downloaded a third-party Android Package Kit (APK) over an unsecured channel. This puts users at risk and also constitutes a violation of Google’s terms and conditions, because Android apps “may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play.” In March of this year, Doctor Web researchers had noticed similar behavior by UC Browser that put users at risk of MiTM attacks. Both issues have now been resolved.