One of the most popular Android file sharing apps has several vulnerabilities that haven’t been fixed by its developers for over three months, new research has claimed.
Security researchers at Trend Micro discovered shortcomings in the ShareIT app that, if exploited, can not only leak a user’s sensitive data but also allow arbitrary code to be executed on the device.
More worryingly, the vulnerabilities were brought to the attention of the app’s publishers over three months ago, but they have seemingly decided to ignore the report.
Improper defaults
“We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” noted Trend Micro in its report.
Even more worryingly, the researchers add that any attacks launched by exploiting these vulnerabilities will be hard to detect, as they masquerade as legitimate operations of the app.
While discussing the vulnerabilities in detail, the researchers say that the flaws exist because the app implements its sharing functions with improper settings that leave it prone to abuse.
The researchers were able to successfully exploit the vulnerabilities with a proof-of-concept app to gain temporary read/write access to the data on the device, and even managed to run arbitrary code on the device.
Since ShareIT’s developers failed to respond, the researchers have also brought the issue to the attention of Google. However, there has been no response as yet, and the app is still listed on the official Android Play Store.