- Popular app ShareIt has been found to harbor several vulnerabilities.
- These vulnerabilities could be abused by malicious actors to perform remote attacks.
The vulnerabilities detailed could theoretically grant a remote attacker the ability to access and manipulate data on a user’s device using ShareIt’s permissions.
The security firm demonstrates that attackers could use ShareIt’s trusted functions to run malicious commands or install third-party apps. The security flaws could also allow an attacker to replace other apps’ resources on a user’s device, seemingly swapping a legitimate app for a bogus replacement.
ShareIt vulnerabilities, patches, and alternatives
TrendMicro alerted ShareIt’s developer to the issues three months ago, but no patch has been issued yet. The company has also alerted Google of the issues. We’ve reached out to the app’s developers and will update this article if/when we receive a response.
ShareIt is one of the Google Play Store’s most popular apps. Downloaded over a billion times, the app allows users to transfer and share files and links to others. ShareIt was also among the 60 Chinese-developed apps banned in India late last year.
Per its Play Store listing, the app was last updated on February 9, but the update’s changelog fails to mention a patch for the disclosed vulnerabilities. The app remains available to download at the time of writing.
For now, it’s probably a good idea to guard against using ShareIt until the flaws are addressed. Until then, there are a host of alternatives. If you need to transfer files to other Android devices, Nearby Share is an excellent built-in alternative. Files by Google also offers similar functionality. Additionally, there are a number of handy apps for transferring files to your PC if need be.