In our research, we came across a recent Dr.

Upon finding the UC Browser app as the main culprit, we decided to dig deeper into our analysis of the app. As soon as the app is installed, it displays basic activities (Android screens) to set up default language, topics of interest, location, and so on.

Fig. 3: UC Browser app icon and initial Android activity

After some initial requests for news and notifications, the app sends multiple requests with redirections and finally drops an APK onto the user’s device. The screenshot below illustrates the chain of requests and redirects taking place:

Fig.

This functionality of dropping another APK from a third-party source clearly violates Google Play’s policy, which includes the following:

“An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine and has limited access to Android APIs (such as JavaScript in a webview or browser).”

During our analysis, we found the APK being dropped on external storage but we did not find the APK being installed. It is possible that this functionality is still under development or there may be other reasons it wasn’t installed, such as an exception, a disabled unknown-sources option, or a rooted device.

2. Communication over an unsecured channel

The APK was downloaded over an unsecured channel (HTTP rather than HTTPS), opening the possibility for man-in-the-middle (MiTM) attacks.

We found another app called UC Browser Mini from the same developer with the same functionality and issues, and it dropped the same additional APK from a remote server. The screenshot below shows UC Mini on Google Play.

It is important to note that these issues have the potential to affect millions of Android users because the UC Browser app has been downloaded 500 million+ times and UC Mini has been downloaded 100 million+ times.

The ThreatLabZ team has been in contact with Google, whose teams are investigating the apps.

August 13, 2019: Zscaler reported policy violation to Google.

August 13, 2019: Google promptly responded. Case assigned to an investigation team.

August 13 – September 25, 2019: Follow-up emails with research details.

September 27, 2019: Google confirmed policy violation by UC Browser and UC Mini. Google contacted UC developers to update the apps and remediate the policy violation.

Update: After Google's intervention, the Zscaler research team noticed that the latest versions of both apps, UC Browser and UC Mini, have stopped downloading the third-party app store.