A Hugely Popular File-Sharing Android App Also Has Giant, Terrible Security Flaws

GameKillerMods, Wednesday, February 17, 2021

The file-sharing app, which has been downloaded from the Google Play store more than 1 billion times, has serious security flaws. Photo: Sam Rutherford / Gizmodo
An Android app used by a significant share of the world has obvious security flaws that could allow a skilled hacker to steal user data or even hijack the app's activity to run arbitrary code.

ShareIt, which claims more than 1 billion downloads worldwide, is made by the Singapore developer Smart Media4U. Its main feature is peer-to-peer file sharing, which lets users exchange photos, music, videos, GIFs, and so on. The app, which has been around for the past few years, has gained recognition for its rapid growth and global reach.

But it is also clearly and dangerously flawed software, with bugs that would allow a bad actor to easily leak user data or run malicious code by abusing ShareIt’s permissions, according to a new Trend Micro report.

The report indicates that some of the major risks in the app stem from how it handles permissions and shares information with other applications. Indeed, because of the way Android phones are set up to share information between different applications, the platform has a history of bad actors who try to exploit the system’s inter-app communication and use it for malicious purposes. Specifically, “bad apps,” or programs run secretly by a bad actor, can look for ways to access data from legitimate apps.


ShareIt is set up to basically leave the door open to other applications when it comes to data exchange through its content provider interface. According to the researchers, this flaw could allow “any third-party organization” to “gain temporary read/write access to content provider data.” This may allow someone to hijack the app to use “custom code, override application location files, or install third-party applications without the user’s knowledge,” ZDNet notes.

Trend Micro researchers found that they could use this flaw to their own advantage. By working out how apps in the Android ecosystem communicate, they found that the ShareIt app would share a lot of information, revealing “user-opposed activities, including the ShareIt app’s internal functions.” In a variety of ways, these security errors may ultimately be “aggravated by leaking sensitive user data and creating incomprehensible code with ShareIt permissions,” the researchers wrote.
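An added example, not taken from the Trend Micro report or from this article: a defender-side check that reads an app's AndroidManifest.xml and flags content providers that other apps can reach, the kind of exposure described above. The manifest, package name and provider names are constructed, and the script assumes a target SDK where a provider's `android:exported` defaults to false.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical app (not ShareIt's manifest).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fileshare">
  <application>
    <provider android:name=".OpenFilesProvider"
        android:authorities="com.example.fileshare.open"
        android:exported="true" />
    <provider android:name=".GrantedFilesProvider"
        android:authorities="com.example.fileshare.files"
        android:exported="false"
        android:grantUriPermissions="true" />
    <provider android:name=".GuardedProvider"
        android:authorities="com.example.fileshare.guarded"
        android:exported="true"
        android:permission="com.example.fileshare.permission.READ_FILES" />
    <provider android:name=".PrivateProvider"
        android:authorities="com.example.fileshare.private" android:exported="false" />
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return {provider name: [findings]} for providers other apps may reach."""
    findings = {}
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        attr = lambda a: prov.get(ANDROID + a)
        # Assumption: a missing android:exported means "false" (targetSdk 17+).
        exported = attr("exported") == "true"
        grants = attr("grantUriPermissions") == "true"
        # Guarded only if both reads and writes require a permission.
        guarded = attr("permission") or (
            attr("readPermission") and attr("writePermission"))
        issues = []
        if exported and not guarded:
            issues.append("exported without a permission: any app can query it")
        if grants:
            issues.append("grantUriPermissions=true: review every component "
                          "that can hand its URIs to other apps")
        if issues:
            findings[attr("name") or "<unnamed>"] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_providers(SAMPLE_MANIFEST).items():
        print(name, "->", "; ".join(issues))
```

A provider with `grantUriPermissions` is not a flaw by itself; the finding is a prompt to check which exported activities or receivers can be made to forward its URIs with read or write grants.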

Perhaps the worst thing about the report is the fact that Trend Micro claims to have shared these security issues with Smart Media4U about three months ago and that the company appears to have done nothing. The report concludes:

We have reported this weakness to the seller, who has not yet responded. We decided to disclose our research within three months of reporting this because more users could be affected by this attack, as the attacker could steal sensitive data and do anything with the permission of the apps.

This isn’t the first time ShareIt has been labeled a security risk. The app was blacklisted by the U.S. in January, when an executive order from the Trump White House listed it as one of many “Chinese-connected” applications Americans should stay away from, for fear of where their data would end up. On his way out the door, Trump issued a blitz of such orders aimed at the Asian tech industry, many of which seemed to be designed to challenge the segregation of Chinese companies. The order states:

The United States has observed that many Chinese software-connected programs automatically capture much information from millions of users in the United States, including sensitive personal and private information. In the meantime, steps must be taken to address the threat posed by these Chinese connected applications …

It is unlikely that a ton of Americans actually use ShareIt. Industry reports seem to indicate that the majority of the app's users are in the Middle East, Africa and Asia (it was recently banned in India, where the government barred the military from using the app due to data security issues). However, if you have downloaded ShareIt and used it for some reason, it would be good to reconsider that decision.
