UC Browser potentially leaks 500 million users

Researchers at ThreatLabZ recently revealed that UC browser violates the security policy of the Google Play store, and will cause users of its Android version to be in danger. According to the Google Play Store regulations, Android apps uploaded to this platform cannot be updated or modified from third-party sources to ensure the security of the app. However, the UC Browser and the UC Browser Mini violate this rule.

The researchers pointed out that the UC browser will download the Android Suite toolkit from a website with the domain name 9appsdownloading[.]com, which could cause 500 million users to be attacked by a man in the middle attack. In such attacks, hackers can eavesdrop on the communication between the two parties. In addition, users may also face risks such as account information and payment card information disclosure. It is too early to determine exactly what the UC Browser developers intended with their third-party APK, but it is clear that they are putting users at risk. And with more than 500 million downloads of UC Browser, that is a significant threat,” the report said.

Google has now confirmed the violations and asked UC browser developers to correct them as soon as possible. Experts say the UC browser application has had security issues multiple times.