- Reports are circulating this week about a new Android app to be wary of — it’s called SHAREit, an app that has both an iOS and Android version, and it’s been downloaded from the Google Play Store more than 1 billion times.
- The security firm Trend Micro issued a report about the app that cites a number of security flaws which the firm says haven’t been patched for at least a few months.
- The security problems include the possibility that the app could be used for remote code execution, as well as leaking a user’s sensitive personal information.
If you happen to have the SHAREit app installed on your phone, you’ll definitely want to be aware of a new report from the security firm Trend Micro about this particular Android app, which has security bugs that have apparently gone unpatched for a few months. According to the researchers, this means that the Android version of this app could be used to hijack phones as well as to steal personal data.
Trend Micro says that the vulnerabilities in the Android version of the app, which has been downloaded more than 1 billion times, “can be abused to leak a user’s sensitive data, execute arbitrary code, and possibly lead to remote code execution.” And while the problems haven’t been fixed as of the time of this writing, Google has reportedly been told about the issues. It’s also important to note that none of this applies to the iOS version of the app, per Trend Micro.
SHAREit, which lets you share files with other users who have this same app on their phone, was named as one of the most downloaded apps in 2019. Nevertheless, this new report says that the vulnerabilities that were discovered “can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app … In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.”
Exploitation would require a malicious app or code installed on the Android device in question, which could then take advantage of the SHAREit vulnerabilities. Included in the Trend Micro report was a screenshot of the SHAREit Google Play Store page showing the most recent app update as January 26 of this year. As of Tuesday, February 16, however, the Google Play Store page for the app shows that the app was updated on February 9.
“We decided to disclose our research three months after reporting this, since many users might be affected by this attack because the attacker can steal sensitive data,” Trend Micro’s Echo Duan and Jesse Chang wrote in their report.