UC Browser Exposed Millions of Android Users to Malicious Attacks

UC Browser is a very popular internet browser on Android with features including Ad blocking, Night Mode, Facebook Mode, etc. It currently has more than 500 million downloads, and as it turns out, millions of these users were exposed to the risk of cyberattacks.

A team of researchers from ZScaler discovered that UC Browser and UC Browser Mini exposed users to man-in-the-middle (MiTM) attacks by downloading APKs (Android Package Kits) from third-party stores over unsafe channels.

This is a direct violation of Google PlayStore’s policies that apps “distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism”. Apps are also not allowed to download executable code from sources other than Google Play.

The researchers manually downloaded the mysterious APK file to dig deeper into the issue. They ended up with another app store on the device named “9Apps” which not only scanned the device for installed apps but included several adult apps too.

The researchers reached out to Google to report the issue and exchanged emails with the company until last month. Google confirmed the issue a few days later and communicated the UC Browser’s developer (UCWeb) to “update the app and resolve the policy violation immediately”.

Soon afterward, UCWeb fixed the issue in both the browsers and Google later confirmed that the apps did indeed stop downloading APKs from third party sources.


  • A potentially dangerous updating feature has been present in the UC Browser since at least 2016. Although the application has not been seen distributing trojans or unwanted software, its ability to load and launch new and unverified modules poses a potential threat. It’s impossible to be sure that cybercriminals will never get ahold of the browser developer’s servers or use the update feature to infect hundreds of millions of Android devices.


  • >