How to block access via UC Browser on Android

Comments

21 comments

  • rotblitz

    If you want to block access from the UC Browser app to UC's proxy and other servers, then you'll want to blacklist at least the following domains at your OpenDNS dashboard:

    • ucweb.com
    • amap.com
    • alibaba.com
    • umengcloud.com
    • uc.cn
    • sm.cn
    • umeng.cloud

    (The domain information is derived from this article.)

    You may detect more UC Browser related domains at
    https://dashboard.opendns.com/stats/all/topdomains

  • s_o

    Thanks rotblitz.. I'll include all these domains and give feedback. I included a couple of them earlier today which I saw in the log.. but couldn't test.

  • rotblitz (Edited)

    "I included a couple of them earlier today which I saw in the log."

    Think about it: you do not need to enter any subdomains.  This is just a waste of the blacklist entries.  For example, entering ucweb.com already blocks this and all its subdomains *.ucweb.com.

    And yes, please report back your test results.  My findings were based on the article I linked to, without really testing it.  I have never used a UC Browser.

  • s_o

    Also, I have different IP address when accessing via UC Browser which also says 'Confirmed Proxy Server'

  • rotblitz

    Sorry, I'm unsure that I understand what you mean by this.  Where do you see this different IP address, and what is it different from?

  • s_o

    When I visit whatismyipaddress.com from Chrome browser, I get my correct IP address. But when I visit this site from UC Browser, I get some different IP address of California, US.. much like when we use VPN service. So as suspected UC Browser acts like VPN + proxy which makes it skip the opendns restrictions

  • rotblitz (Edited)

    Ah good, now I understand!  Yes, this is a definitive indication of a proxy being used.  There are now two possibilities:

    • Their proxies are accessed with the use of DNS, so they must have domain names.  In this case access can be blocked with OpenDNS by blacklisting these domains, unless the UC Browser does not use the DNS configured on your network, but another DNS service, similar to how Google Chrome does it.
    • Their proxies are accessed directly via IP addresses, so DNS is not involved at all and cannot be blocked by OpenDNS, but can be blocked most likely by blocking their IP address ranges and/or dedicated ports on the router.
      Important: These may not be the IP addresses you will be seeing on websites like http://myip.dnsomatic.com/ because proxies are a "man in the middle", normally having an IP address for inbound and a different one for outbound.

    My idea to narrow this down would be to install the UC Browser on a PC and run a sniffer like Wireshark to see what kind of traffic is going on.  This will definitely allow you to find out how their proxies are being accessed and therefore how to block them.

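The check described in the comment above, as an added example that is not part of the original thread: given the DNS answers and TCP destination addresses exported from a capture, it sorts each destination into blocked by the blacklist, resolved through a name not yet on the blacklist, or reached with no lookup at all. The function names and the sample capture are constructed for illustration; the blacklist is the one suggested earlier in the thread.

```python
import ipaddress

# Blacklist entries suggested in the thread above.
BLACKLIST = {"ucweb.com", "amap.com", "alibaba.com", "umengcloud.com",
             "uc.cn", "sm.cn", "umeng.cloud"}

def covered_by(name, blacklist=BLACKLIST):
    """Return the entry that blocks `name` (the entry itself or a parent
    domain of it), or None if no entry applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in blacklist:
            return parent
    return None

def classify(dns_answers, connections, blacklist=BLACKLIST):
    """Map each destination IP to (verdict, names).

    dns_answers: (queried name, answered IP) pairs from the capture.
    connections: destination IPs of the app's TCP connections.
    """
    names_for = {}
    for name, ip in dns_answers:
        names_for.setdefault(str(ipaddress.ip_address(ip)), set()).add(name)
    verdicts = {}
    for ip in connections:
        ip = str(ipaddress.ip_address(ip))
        names = sorted(names_for.get(ip, ()))
        missing = [n for n in names if covered_by(n, blacklist) is None]
        if not names:
            # No lookup seen in the capture: the address was used directly
            # or resolved outside it (cache, encrypted DNS); needs a router rule.
            verdicts[ip] = ("direct-ip", [])
        elif missing:
            verdicts[ip] = ("dns-not-blacklisted", missing)
        else:
            verdicts[ip] = ("dns-blacklisted", names)
    return verdicts

# Constructed sample capture (documentation IP ranges, not real UC servers).
SAMPLE_DNS = [("ucus.ucweb.com", "192.0.2.10"),
              ("proxy.example.net", "198.51.100.20")]
SAMPLE_CONNS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]

if __name__ == "__main__":
    for ip, (verdict, names) in classify(SAMPLE_DNS, SAMPLE_CONNS).items():
        print(ip, verdict, ", ".join(names))
```

Destinations reported as "dns-not-blacklisted" are candidates for new blacklist entries; those reported as "direct-ip" are the ones DNS filtering cannot reach.
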
  • rotblitz

    Further research revealed this:

    http://wapreview.com/19645/

    UC Browser Mini is proxy browser like Opera Mini or Nokia Xpress. It uses a cloud service to retrieve and render Web pages and compress them before sending them to the thin client browser on the phone. The proxy architecture has the advantage of greatly reducing the amount of data sent over the mobile network. Browsing with UC Browser Mini typically uses 80% less mobile data than with a conventional direct browser like the Android Browser.

    UC Browser Mini is actually a dual mode browser. It has proxy mode (called Speed Mode) and a direct mode that bypasses the proxy and uses the Android Webkit browser engine directly access the web. Users can switch between Speed and Direct mode using a button in the left corner of the browser's header.

    https://citizenlab.org/2016/08/a-tough-nut-to-crack-look-privacy-and-security-issues-with-uc-browser/

    Unlike the Windows version, the Android version of the browser proxies HTTP requests through UC servers that perform data compression and accelerated browsing.  The browser proxies HTTP requests through a server assigned to the browser in the response to the request to ucus.ucweb.com described earlier.  We found that when the requested URL is unencrypted HTTP, the communication with the proxy is unencrypted; however, when requesting an HTTPS URL, the communication does not go through the proxy.

    https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=814

    Most of the application traffic passes through proxy servers hosted by a company called MileWeb (www.mileweb.com).

  • s_o

    many thanks for such detailed analysis.. I will continue more trials and let you know.

    yes, Wireshark will be best.. but have to get android emulator etc first on my PC

  • rotblitz (Edited)

    I would think you can also use the UC Browser version for Windows.  I expect it to use the same proxies as the mobile browser versions, although I may be wrong:
    Unlike the Windows version, the Android version of the browser proxies HTTP requests through UC servers that perform data compression and accelerated browsing. 

    Only if this still does not help, you can try the Android emulator on a PC with the Android version of the UC Browser.

  • s_o

    nothing has worked so far.. and UC Browser can open all sites without any issues :(

  • s_o

    to add further..
    Youtube.com is blocked..
    but m.youtube.com is not getting blocked.. wondering why..

  • rotblitz

  • s_o

    Hi rotblitz.. I meant this only for UC Browser.. On all other browsers m.youtube.com is blocked as my dashboard settings is to block everything for Youtube.com

  • rotblitz

    Weird.  As I don't use UC Browser, I cannot find out, and I ran out of ideas.  All I know is that UC Browser uses proxies and stuff, and these circumvent a lot, including your DNS configuration.  This is what my research has shown.

    The next step would be to follow your plan with the PC Android emulator or to visit Android forums to maybe find someone who knows how this UC Browser works or to point you at Android debugging tools which are able to measure what this UC Browser does.

  • s_o

    Using Lagado proxy test I could find that UC browser is using proxy via IP 8 37 233 217

    I am not able to find domain used by this IP address.. I guess if I block that domain then maybe UC traffic will get blocked?

    hcidata.info/host2ip.cgi says it is not able to find domain of this IP..

  • mattwilson9090

    If you can identify the domain then OpenDNS can block it for you. However, not all IP addresses are associated with a domain, and it's entirely possible that this browser directly calls that IP address rather than using a domain.

  • rotblitz

  • jrajib

    I think I have found a simple solution for this problem. 

    For android UC Browser go to settings > Cloud Boost > un-check both Mobile Network & Wi-Fi Network. 

    This fixes my problems of not blocking my desired websites by opendns solution. I have tested this for some websites and got positive results from each one. I hope this fixes your problems. 

  • s_o

    Hi jrajib.. thanks.. Yes this solution we know, but this has to be maintained on each client. What I am looking at is domain settings instead of each individual phone to update settings, as we may not be able to get each device and change settings.

  • rotblitz

    You may not be successful with blocking by domain names, but may need to go for the proposals outlined in my other comment above which is about blocking ports and/or IP address ranges on the router.

    See also https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=814
