In September last year, the government banned a large number of applications in the country, citing national security concerns. In June, 59 apps were banned, followed by another 118 in September and 43 more in November. SHAREit, of those banned apps, it now appears, has a vulnerability that could be misused to leak sensitive user information and execute arbitrary code, according to a recent report.
Cybersecurity firm Trend Micro has stated that the SHAREit app, which has a billion downloads already, requests a wide range of permissions from its users and that it contains a common Android security flaw that allows attackers to gain access to its internal files, allowing them to control the app and compromising user security, in a report published with Ars Technica.
How does it work? According to Trend Micro, the security flaw pertains to controlling the “content providers” that Android allows apps to set and disable when they need to communicate with another app. However, instead of closing down the parts that it should have, the app allows a potential hacker to gain access to its internal files. At that point, it would be theoretically possible to take control of the app.
While this wouldn’t be too much of a concern for most apps, the fact that SHAREit has access to a plethora of permissions makes it a potential threat if it gets infected. These include special permissions like uninstalling other apps, deleting file system data, turning on and off the microphone and camera, switching on location, and start itself when you reboot your phone.
Users are therefore advised to switch to a better alternative – Trebleshot, Fast File Transfer, and many others exist and are well received by their users. You can also look at the Google Files app, but using the SHAREit app if it is installed on your phone could be a security concern – even if the developers issue a fix, the app being banned from the Play Store in the country means you will not get updates anyway.