It’s not often that popular mobile apps that have been around a long time are packed with vulnerabilities. Programs that are available on official app stores go through serious testing. If there are any problems, the app is not listed.
Apple is typically stricter about this than Android. You can only get iOS apps on the official Apple App Store. This keeps users from downloading malicious programs from third-party app stores that don’t offer the same security standard.
Android, on the other hand, is open-source software that allows almost anyone to develop apps. You can also download Android apps from anywhere, which can pose serious security threats. Now, a popular file-sharing app has left the door open for hackers to cause all kinds of havoc.
Here’s the back story
One would assume that an app that has been downloaded 1 billion times wouldn’t pose a security risk. Surely somebody would have spotted a flaw. Well, it turns out that it does, and somebody did. Researchers at Trend Micro discovered several vulnerabilities in the Android file-sharing app SHAREit.
Hackers can use the app as a gateway into affected phones to steal sensitive data. Remote code execution (RCE) can also be triggered.
Digging deeper into the code of the app, researchers found it can also read WebView cookies. This can be used to rewrite files in the app’s data folder. By replacing the files with something more malicious, hackers could have complete control over your device.
Here is what you can do
The simple answer is to uninstall the app immediately. Another suggestion is to make sure that your operating system is up to date. There is no telling when the app will be updated to plug the holes, but according to Trend Micro, it will not be anytime soon.
Trend Micro told the app’s developers about the vulnerabilities 3 months ago, and they still haven’t been patched.
“We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission. It is also not easily detectable,” Trend Micro explained in a blog post.
Here is how you can check what permissions an app has:
- Tap Settings on your phone.
- Scroll down and tap Apps & notifications.
- Tap the app you want to review.
- Scroll and tap Permissions.
- Choose which permissions you want the app to have, like Camera or Phone.
A list of what the app requires access to or what it can change will be displayed.