Major Security Issues Found With Popular Android App

February 27, 2021

Written by wukovits

Do you use the app “ShareIt?”

It’s one of the most popular apps in the ecosystem, boasting more than a billion downloads from Google’s Play Store and nearly 2 billion downloads overall (including the Windows, iOS and MacOS ecosystems). On top of that, its original creator, Lenovo, preinstalled it on all Lenovo phones, which may have been the means by which you first encountered the app.

All that to say, it’s a hugely popular app and was in the top ten most frequently downloaded titles in 2019, so it has an enormous footprint.

Recently, Trend Micro conducted a security audit of the app, and their findings may make you rethink your use of it. According to the report the company published not long after their research was complete, they found several major security flaws that would allow for arbitrary code execution, which could result in the complete compromise of the target system.

Unfortunately, the security issues stem from a number of unfortunate design decisions that left the software incredibly vulnerable. One example of this is the fact that the app demands extensive permissions that gives it complete control over the entire storage system, access to all media files on the device, the ability to install or delete apps, create accounts, and more.

Adding to the problems with the app is the fact that its ‘private storage’ mechanism is anything but. An analysis of the code reveals that the ‘android:exported’ variable is set to False, but the AndroidGrantUriPermissions variable is set to True, which means that literally any third party entity can gain temporary read/write access to the user’s data.

Trend shared their findings with ShareIt’s development team more than three months ago, and to date, the developers have not patched any of them. So it’s as vulnerable today as it was when Trend first published their report. If you are a current user, you may want to consider uninstalling it until the company tightens up their security.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Send us a message

Your message was sent.