SHAREit has been one of the most popular apps on the Play Store, overused to transfer files, pictures, and even APK files from one device to another. Reports now say that there are various security flaws in the popular app and that Google has been informed about the same. The Lenovo-developed application, which is now a company in its own right, has vulnerabilities that can be abused to leak sensitive user data and “run arbitrary code” with application permissions.
The vulnerabilities in the application were first reported by Trend Micro, which reported that the popular SHAREit application had several vulnerabilities or security flaws. According to Trend Micro, the developers were informed of the vulnerabilities in the SHAREit application about three months ago, but did nothing to fix it.
Reportedly, security flaws affect the Android version of the SHAREit app. The supposed error can be used to execute malicious code on devices where the application is installed. The main reason for this is the lack of proper restrictions on who can access the application code.
Any hacker can gain access to SHAREit through a malicious application or in the middle of file-sharing activity to send a malicious command to the SHAREit application. This can be done to write custom code, install an application, or overwrite local files in the SHAREit application, without the user knowing.
Information about potential vulnerabilities was recently released, including insecure storage of application resources in phone storage space that is shared with other applications where the potential hacker can edit or delete them. This was done considering that users could be affected by attacks and sensitive data could be compromised, as the application developers showed no signs of dealing with the reported vulnerabilities.