Google Removes UC Browser From Google Play

Adjust Comment Print

Android's Accessibility Services are created to help developers make their apps easier to use for those with disabilities.

If a user grants an app accessibility permission, they are allowing it to have a relatively invasive level of access to data on the phone and from within apps, which would generally be used to provide things such as text-to-speech. Even popular apps like LastPass, Tasker and Status use accessibility services for various, apparently unintended purposes. "Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy". The browser has a userbase of 420 million globally - racking up 500 million downloads on the Play Store last month - with over 100 million coming from India. You can learn more about the Accessibility Services API at the Android Developers website.

There's no statement as to why the app was taken down, but the prevailing theory on Reddit is that the malicious redirect ads served up by UC Web's affiliates to inflate installs prompted Google to take action and delist the browser. It also states that if they fail to do so within 30 days, the app will be removed from Google Play. "Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts", the email reads further.

With the accessibility API, apps can access lots of powerful commands that let them function a bit like a system-level app, and the legitimate, non-accessibility uses are nearly endless. Apps that also allow users to "autofill passwords, copy content to clipboards and automate tasks" use Accessibility Services to provide full functionality. This in turn, can be used by a bad actor to enable malicious activity such as a phishing exploit, keylogger, or ransomware attack.