- ShareIt has been found to have several security flaws in its Android app.
- These flaws expose the data of other apps and can allow hackers to hijack the app.
- It seems right that you delete the ShareIt app from your Android phone right now.
ShareIt, the popular file-sharing app used by millions globally, has emerged as a security haphazard leaving its users vulnerable to malicious activities. According to a report by cybersecurity company Trend Micro, ShareIt app for Android is rife with several security flaws that would allow hackers to steal user data, or worse, hijack the app and its functionalities using arbitrary code. ShareIt was developed by Lenovo originally before it spun off into its own company called Smart Media4U based in Singapore.
In its report, Trend Micro has noted that ShareIt has one too many vulnerabilities that pose a security risk to its 1.8 billion users worldwide. These vulnerabilities have been spotted in the Android app, however, ShareIt is available on iOS, Windows, and Mac, making it one of the top ten most-downloaded apps globally. Perhaps the biggest flaw in the app appears to be Android's mainstay in the operating system. Android allows intra-app communication for providing content within the app without needing to leave it. Now, these abilities of an Android app often comes with red flags that developers need to see and take action against. ShareIt seems to not have done that.
How is ShareIt dangerous to your phone?
ShareIt when making communication with Android's content management system exposes other apps' capabilities. According to researchers at Trend Micro, these flaws can allow "any third-party" entity to "gain temporary read/write access" to the data of the content provider. This essentially means hackers can inject malicious codes into other apps to access their information while hijacking ShareIt to make it a masquerader on the phone to leak information from time to time. Hackers can also install third-party apps surreptitiously on the phone due to these flaws in ShareIt.
The Trend Micro researchers were able to do sort of hacking, post which they flagged the anomaly in the ShareIt app. According to the researchers, they manipulated how Android apps talk to each other, only to find that ShareIt exposes way too many data nodes of the apps it can communicate with on Android. This not only leaves the app ridiculously unsafe, but it also reveals "user's arbitrary activities, including ShareIt's internal and external app activities." These abilities can be ultimately used to leak a user's sensitive information and even take control of the ShareIt app without the user's permission.
And the worst part is that these flaws have existed for over three months in the app, giving enough time to hackers to exploit them in case they are aware. Trend Micro has noted that it informed the developers three months back when they spotted them but ShareIt is still the same. "We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps' permission," said the report.
What to do?
For now, the best option to avoid this is to uninstall ShareIt from your phone, no matter if you downloaded it from Google Play Store. In India, ShareIt is already banned because it was found leaking information to China, which means it is not available from the official marketplace. But, in case, you got it from a different source and sideloaded it on your Android phone, you must delete it right now.