The Grandstream Wave application version 1.0.1.26 periodically queries the Grandstream server for app updates. If a new update is found, the app shows a notification to the user that either opens the app’s Google Play page or auto-downloads the APK file and opens it for installation. The update information is downloaded over an insecure connection from `media.ipvideotalk.com` and contains the version code and the update URL. An active attacker can redirect this request and trick the user into downloading a malicious update package