Cybersecurity firm Trend Micro has found multiple vulnerabilities in a popular file sharing Android app– ShareIt. It is highly recommended that you stop using ShareIt until the developers fix the security issues. As per a report by Trend Micro, “the vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with ShareIt permissions by using a malicious code or app.”
Hackers can even use the vulnerabilities in the ShareIt app to download and steal files from your phone as the cybersecurity firm believes that the vulnerabilities can potentially lead to Remote Code Execution (RCE). “While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws,” it added.
Trend Micro has already informed Google about the same, however, Google is yet to take any action against the app on Play Store.
The app has over 1 billion users and was one of the most downloaded apps in 2019. The Indian government had banned ShareIt along with TikTok and 57 other apps of Chinese origin in November 2020. So, uninstalling the app for India-based ShareIt users makes more sense, as the app may be an open invitation to malware. Alternatives to ShareIt include AirDrop for iPhones, Wi-Fi Direct on your Android phone, Files Go and others.
Trend Micro said that it reported the issues to ShareIt but did not receive any response. “We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable,” it warned.