Skip to main content

Major Security Issues Found With Best Android App

By February 27, 2021June 9th, 2021Cybersecurity

Do you use the app “ShareIt?”

It’s one of the best apps in the ecosystem, boasting more than a billion downloads from Google’s Play Store and nearly 2 billion downloads overall (including the Windows, iOS, and macOS ecosystems). On top of that, its original creator, Lenovo, preinstalled it on all Lenovo phones, which may have been the means by which you first encountered the app.

All that to say, the Shareit app was in the top ten most frequently downloaded titles in 2019, so it has an enormous footprint.

 

What are the security risks?

Recently, Trend Micro conducted a security audit of the app, and their findings may make you rethink your use of it. According to the report the company published not long after their research was complete, they found several major security flaws that would allow for arbitrary code execution, which could result in the complete compromise of the target system.

Unfortunately, the security issues stem from a number of unfortunate design decisions that left the software incredibly vulnerable. One example of this is that the app demands extensive permissions that give it complete control over the entire storage system, access to all media files on the device, install or delete apps, create accounts, and more.

 

ShareIT Security Issues

Adding to the problems with the app is the fact that its ‘private storage’ mechanism is anything but. An analysis of the code reveals that the ‘android: exported’ variable is set to False, but the AndroidGrantUriPermissions variable is set to True, which means that literally any third-party entity can gain temporary read/write access to the user’s data.

 
Should users uninstall the ShareIT app?

Trend shared their findings with ShareIt’s development team more than three months ago, and to date, the developers have not patched any of them. So it’s as vulnerable today as it was when Trend first published its report. If you are a current user, you may want to consider uninstalling it until the company tightens up its security.

Chris Forte

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.

Leave a Reply