SHAREit has been one of the most popular apps on the Play Store, used excessively for transferring files, images, and even APK files from one device to another. Reports now have it that there are several security flaws in the popular app and that Google has been informed about the same. The Lenovo developed app, which is now a company by itself, has vulnerabilities that can be abused to leak sensitive user data and “execute arbitrary code” with app permissions.
The vulnerabilities in the app were first reported by Trend Micro, which informed that the popular SHAREit app had several vulnerabilities or security flaws. According to Trend Micro, the developers were informed of the vulnerabilities in the SHAREit app about three months back, but they did nothing to address it.
Reportedly the security flaws impact the Android version of the SHAREit app. The alleged bug can be used to run malicious code on devices where the app is installed. The major reason for this is the lack of proper restrictions on who can access the app’s code.
Any hacker can gain access to SHAREit through a malicious app or from in the middle of a file sharing activity to send out a malicious command to the SHAREit app. This can be done to write a custom code, install an app or overwrite the local files in the SHAREit app, without the user getting to know of it.
The information regarding the possible vulnerabilities, which includes insecure storage of app resources in phone’s storage space that is shared with other apps where they can be edited or deleted by the potential hacker, was recently published. This was done considering the users could be affected by attacks and there could be a compromise of sensitive data since the app developers showed no signs of dealing with the reported vulnerabilities.
Source: Android Community