The popular UC Browser apps, with a whopping 600 million Play Store installs, exposed their users to man-in-the-middle (MiTM) attacks through downloads from a third-party server over unsecured channels.

Available from the Google Play Store, UC Browser reportedly made some highly dubious moves once downloaded, many of which go against Google’s specified app policies. It has over 500 million downloads.

The Google rules broken include modifying the app, which happens when a third-party Android Package Kit (APK) is delivered onto the device, communicating over an unsecured channel, and dropping an APK into external storage.

Sent over HTTP, the third-party APK that is delivered is not actually installed; it just sits in external storage. The fact that the APK does nothing has puzzled the researchers, but the working theory is that the full functionality may still be in development or that the app is simply having difficulty completing the install process.

“It is too early to determine exactly what the UC Browser developers intended with their third-party APK, but it is clear that they are putting users at risk. And with more than 500 million downloads of UC Browser, that is a significant threat,” the report said.

ThreatLabZ went the extra mile and manually installed it to see what would happen, and found it to be a third-party app store named 9 Apps.

Even if the APK itself is not dangerous, downloading it over an unsecured channel opens the user to MiTM attacks that can lead to additional downloads, espionage, or the display of phishing messages that could lead to data being stolen.

While these apps can be downloaded, the connection with 9 Apps also remains active in the background; ThreatLabZ noticed that in the subsequent weeks the 9 Apps domain tried to push additional APKs to the device.
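A defender-side check for the behaviour described above, as an added example that is not from the ThreatLabZ report or the original article: it scans web-proxy log lines for APK downloads fetched over plain HTTP and flags client/host pairs that repeat. The log format, hostnames, addresses and timestamps are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"

# Constructed sample proxy log: timestamp client method url status content-type
SAMPLE_LOG = """\
2019-03-01T10:00:01Z 10.0.0.5 GET http://cdn.appstore.example/pkg/store.apk 200 application/vnd.android.package-archive
2019-03-01T10:00:09Z 10.0.0.5 GET https://play.example/app/browser.apk 200 application/vnd.android.package-archive
2019-03-08T02:14:33Z 10.0.0.5 GET http://cdn.appstore.example/dl?id=77 200 application/vnd.android.package-archive
2019-03-08T02:15:00Z 10.0.0.7 GET http://news.example/index.html 200 text/html
2019-03-09T11:20:45Z 10.0.0.7 GET http://cdn.appstore.example/pkg/game.APK?src=push 200 application/octet-stream
2019-03-09T11:21:02Z 10.0.0.7 GET http://cdn.appstore.example/pkg/missing.apk 404 text/html
"""

def is_cleartext_apk(url, status, ctype):
    """True for a successful plain-HTTP response that carries an APK."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "http" or not status.startswith("2"):
        return False
    # Match on the path extension or the MIME type: a download endpoint
    # such as /dl?id=77 has no .apk suffix, and some servers mislabel
    # APKs as application/octet-stream.
    mime = ctype.split(";")[0].strip().lower()
    return parts.path.lower().endswith(".apk") or mime == APK_MIME

def find_cleartext_apk_downloads(log_text):
    """Group cleartext APK fetches by (client, server host)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # skip malformed lines instead of failing the scan
        ts, client, _method, url, status, ctype = fields
        if is_cleartext_apk(url, status, ctype):
            hits[(client, urlsplit(url).hostname)].append((ts, url))
    return dict(hits)

def repeat_pushers(hits, min_count=2):
    """Client/host pairs with repeated cleartext APK deliveries over time."""
    return {k: v for k, v in hits.items() if len(v) >= min_count}

if __name__ == "__main__":
    for (client, host), events in find_cleartext_apk_downloads(SAMPLE_LOG).items():
        print(client, host, [ts for ts, _ in events])
```
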

Zscaler, through several detections, found that 9 Apps was not a dedicated malicious site.

Google was informed of what was happening, and the ThreatLabZ team noted that the app then no longer downloaded the third-party app store.
