This file-sharing app with over a billion downloads has some major security flaws

The app continues to be one of the most popular downloads on the Google Play Store

One of the most popular Android file sharing apps has several vulnerabilities that haven’t been fixed by its developers for over three months, new research has claimed.

Security researchers at Trend Micro discovered shortcomings in the ShareIT app that, if exploited, can not only leak a user’s sensitive data, but can also execute arbitrary code on the device.

More worryingly, the vulnerabilities were brought to the attention of the app’s publishers over three months ago, but they have seemingly decided to ignore the report.

Improper defaults

“We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission,” noted Trend Micro in its report.

Even more worryingly, the researchers add that any attacks launched by exploiting these vulnerabilities will be hard to detect as they masquerade as the legitimate operations of the app.

While discussing the vulnerabilities in detail, the researchers say that the flaws exist because the app implements its sharing functions with improper settings that leave it prone to abuse.

The researchers were able to successfully exploit the vulnerabilities with a proof-of-concept app to gain temporary read/write access to the data on the device, and even managed to run arbitrary code on the device.

Since ShareIT’s developers failed to respond to the researchers, they’ve also brought it to the attention of Google. However, there has been no response as yet, and the app continues to be listed on the official Android Play Store.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
