Android app downloaded one billion times from Play Store poses serious risk to your phone

When you subscribe we will use the information you provide to send you these newsletters.Sometimes they’ll include recommendations for other related newsletters or services we offer.Our Privacy Notice explains more about how we use your data, and your rights.You can unsubscribe at any time.

If you own an Android smartphone or tablet, you need to sit-up and listen. A popular Google Play Store app, known as SHAREit, which has been downloaded one billion times and received millions of positive reviews has “several” vulnerabilities. Security experts from Trend Micro discovered these issues, which can be leveraged by bad actors to gain access to sensitive data.

Hackers can use these vulnerabilities to execute arbitrary code and to possibly launch remote code execution attacks. The flaws could also let hackers run Man-in-the-disk (MITD) attacks, which can be used to crash a victim’s Android device.

Trend Micro published their findings on Monday, and at the time said the vulnerabilities in SHAREit hadn’t been fixed. According to the security experts, they had reported their findings to the SHAREit makers three months ago, and yet, the issues in the popular Android app still remain.

Trend Micro has also informed Google about the SHAREit vulnerabilities.

Google Play Store: How to update on an Android device

Outlining their findings online, Trend Micro said: “We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).

“In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.

“SHAREit has over 1 billion downloads in Google Play and has been named as one of the most downloaded applications in 2019. Google has been informed of these vulnerabilities.”

According to the Google Play Store, the last time SHAREit was updated was on February 9, which was prior to the Trend Micro research was published. The file-sharing app, which lets users exchange photos, music, videos and GIFs, in total has 1.8billion users worldwide. In fact, according to App Annie, SHAREit was one of the top 10 most downloaded apps in the world in 2019.

And on the Google Play Store it boasts a 4.1 average rating based on 15.542million reviews. Trend Micro went on to add: “We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable.”

Until these vulnerabilities get patched out, you could always delete SHAREit from your Android device to be on the safe side. And if you have an anti-virus installed from a provider such as Trend Micro then be sure to run a scan to double check no malware has crept onto your device.

Source: Read Full Article