Attention ShareIt users, Android app with over 100 crore downloads marred by several security flaws

By: |
February 18, 2021 6:44 PM

ShareIt requires users to give it access to all of the storage and media of the users, including the camera, microphone, as well as location.

The report by Trend Micro also said that the private storage of ShareIt is open to the world.

ShareIt app: Cyber security company Trend Micro has said that the ShareIt Android app, which has over 100 crore downloads on the Google Play Store, has several security flaws. As per the company, the app has vulnerabilities that can be exploited and sensitive data of users can be leaked because of it. Arbitrary codes can also be executed with the app’s permission due to these vulnerabilities. The app had originally been developed by lenovo and then eventually spun off into its own separate company. But for some time, it came pre-installed in Lenovo phones.

ShareIt requires users to give it access to all of the storage and media of the users, including the camera, microphone, as well as location. Apart from this, the app also can delete other apps, create accounts and set passwords and run at startup among much more, and it also has complete network access. Remote code can be executed if the app is compromised. However, Trend Micro has said that it brought these issues to the notice of ShareIt three months ago, but the company has yet to do anything about it.

ShareIt became a very popular sharing platform, with 1.8 billion global users across various platforms, however, it has also diversified into a platform offering infinite online videos, millions of songs in high quality and having a social network-like media section. It also has a game store and a retail section to download movies. ShareIt also has a website which also does not default to HTTPS.

The report by Trend Micro also said that the private storage of ShareIt is open to the world, and along with it, it has its own Android app installer. While such an installer needs to be protected with private storage, ShareIt does not have that, meaning that once the install package is downloaded in the public storage, an attacker can swap the package with the malicious one after it has been downloaded but before it is installed. This would lead users to believe that they were downloading a trusted app, but would end up installing a malicious one instead.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.

Next Stories
1iPhone 13 series decoded: Hands-on, first impressions and everything to know about Apple’s latest iPhones
2Twitter expands Tips globally with Bitcoin support, looks to bring recording, replaying options to Spaces
3Realme Band 2 with SpO2 monitor, up to 12-day battery life launched in India; undercuts Xiaomi Mi Band 6 in price