It seems like not all that much time goes by before a brand new threat emerges that makes it all the more difficult for people to trust the tech that they are using at any given point in time. The latest threat that has emerged involves the extremely popular UC Browser as well as the numerous mini apps that this browser has to offer the people that have ended up downloading it up until this point in time.
The manner in which security threats have emerged involves this app downloading a third party Android Package Kit onto the external storage of the users that are using the app. According to Zscaler, this is a clear violation of the terms of use that all apps have to adhere to in order to be available on the Google Play Store, and there is a very good reason why this sort of thing is not allowed.
A big part of the reason why something like this is not allowed has to do with man in the middle attacks (MiTM). If apps send data packages to users over unprotected channels like this, these data packages could be intercepted and modified by malicious actors who would then be able to use these unregulated channels to send all kinds of malware to users that have no idea that their phone is about to be assaulted by a wide variety of programs that would make their device pretty much impossible to use.
The only mechanism that apps can use to send APKs to their users is through an official update that occurs through Android’s official channels, and UC browser failed to adhere to this policy. The app has now fixed these issues, but the fact that an app was able to do this in the first place will make a lot of people quite nervous about the apps that they are downloading on their Android phones.
Read next: New Hacking Technique Uses WAV Files
The manner in which security threats have emerged involves this app downloading a third party Android Package Kit onto the external storage of the users that are using the app. According to Zscaler, this is a clear violation of the terms of use that all apps have to adhere to in order to be available on the Google Play Store, and there is a very good reason why this sort of thing is not allowed.
A big part of the reason why something like this is not allowed has to do with man in the middle attacks (MiTM). If apps send data packages to users over unprotected channels like this, these data packages could be intercepted and modified by malicious actors who would then be able to use these unregulated channels to send all kinds of malware to users that have no idea that their phone is about to be assaulted by a wide variety of programs that would make their device pretty much impossible to use.
The only mechanism that apps can use to send APKs to their users is through an official update that occurs through Android’s official channels, and UC browser failed to adhere to this policy. The app has now fixed these issues, but the fact that an app was able to do this in the first place will make a lot of people quite nervous about the apps that they are downloading on their Android phones.
Read next: New Hacking Technique Uses WAV Files