Recently, when examining the Zscaler cloud for unusual activity, ThreatLabZ researchers found some questionable hits in relation to a particular domain: 9appsdownloadingcom. Upon analysis, we found these requests being made from a popular browser that's available on Google Play and has more than 500 million downloads to date: the UC Browser app.

As we began to analyze the UC Browser app, we found that the requests were being made to download an additional Android Package Kit (APK) over an unsecured channel (HTTP rather than HTTPS). Downloading and/or updating components from a third-party source violates Google Play policy, which states: “An app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play.”

We decided to explore further into the UC Browser app and found the following issues, which will be discussed in detail in this blog:

- Downloading an additional APK from a third party – in violation of Google Play policy
- Communication over an unsecured channel – opening doors to man-in-the-middle attacks
- Dropping an APK on external storage (/storage/emulated/0) – allowing other apps, with appropriate permissions, to tamper with the APK

We found another app called UC Browser Mini from the same developer with the same functionality and issues, and it dropped the same additional APK from a remote server. The screenshot below shows UC Mini on Google Play.

It is important to note that these issues have the potential to affect millions of Android users because the UC Browser app has been downloaded 500 million+ times and UC Mini has been downloaded 100 million+ times. The ThreatLabZ team has been in contact with Google, whose teams are investigating the apps.

August 13, 2019: Zscaler reported policy violation to Google.
August 13, 2019: Google promptly responded. Case assigned to an investigation team.
August 13 – September 25, 2019: Follow-up emails with research details.
September 27, 2019: Google confirmed policy violation by UC Browser and UC Mini. Google contacted UC developers to update the apps and remediate the policy violation.

Update: After Google's intervention, the Zscaler research team noticed that the latest version of both the apps, UC Browser and UC Mini, have stopped downloading the third-party app store.

Upon finding the UC Browser app as the main culprit, we decided to dig deeper into our analysis of the app. As soon as the app is installed, it displays basic activities (Android screens) to set up default language, topics of interest, location, and so on.

Fig. 3: UC Browser app icon and initial Android activity

After some initial requests for news and notifications, the app sends multiple requests with redirections and finally drops an APK on to the user’s device. The screenshot below illustrates the chain of requests and redirects taking place:

This functionality of dropping another APK from a third-party source clearly violates Google Play’s policy, which includes the following: “An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play.”
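Two of the behaviours described in this post, an APK fetched from a non-Play host over cleartext HTTP and the chain of redirects that leads to it, can be looked for in web-proxy logs. The Python below is an added example, not part of the original analysis; the log columns, the allow-listed host suffixes and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"
# Assumption: hosts treated as legitimate app-delivery sources; adjust per environment.
ALLOWED_SUFFIXES = ("google.com", "googleapis.com")

# Constructed sample proxy log (hypothetical column layout, not real traffic).
SAMPLE_LOG = """\
client,url,status,content_type,location
10.0.0.5,http://news.example/feed,200,application/json,
10.0.0.5,http://cdn.example/go?id=1,302,,http://mirror.example/r/2
10.0.0.5,http://mirror.example/r/2,302,,http://store.example/files/market.apk
10.0.0.5,http://store.example/files/market.apk,200,application/vnd.android.package-archive,
10.0.0.7,https://play.googleapis.com/constructed/app,200,application/vnd.android.package-archive,
10.0.0.9,https://files.example/tool.apk,200,application/octet-stream,
"""

def is_apk(url, content_type):
    """APK by declared MIME type, or by file extension when the type is generic."""
    path = urlsplit(url).path.lower()
    return content_type.lower().startswith(APK_MIME) or path.endswith(".apk")

def host_allowed(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

def find_sideloaded_apks(log_text):
    """Return APK downloads from non-allow-listed hosts with their redirect chain."""
    findings = []
    pending = {}  # (client, redirect target) -> URLs that led to that target
    for row in csv.DictReader(io.StringIO(log_text)):
        url, status = row["url"], int(row["status"])
        chain = pending.pop((row["client"], url), []) + [url]
        if 300 <= status < 400 and row["location"]:
            pending[(row["client"], row["location"])] = chain
        elif status == 200 and is_apk(url, row["content_type"]) and not host_allowed(url):
            findings.append({
                "client": row["client"],
                "url": url,
                "cleartext": urlsplit(url).scheme == "http",  # tamperable in transit
                "redirect_chain": chain,
            })
    return findings

if __name__ == "__main__":
    for finding in find_sideloaded_apks(SAMPLE_LOG):
        print(finding)
```

The third issue, the APK written to external storage, is a device-side condition and is not visible in proxy logs, so this check does not cover it.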