ShareIt has Major Security Issues even though it’s one of the most popular apps in the ecosystem, boasting over a billion downloads from Google’s Play Store and nearly 2 billion downloads overall (including the Windows, iOS, and macOS ecosystems). On top of that, its original creator, Lenovo, preinstalled it on all Lenovo phones, which may have been how you first encountered the app.
“ShareIt” is a hugely popular app and in the top ten most frequently download titles in 2019, so it has an enormous footprint.
Trend Micro’s Findings
Recently, Trend Micro conducted a security audit of “ShareIt.” Trend Micro’s findings may make you rethink using the app. According to the company’s reports, they found several major security flaws in the app that would allow for arbitrary code execution, resulting in the target system’s full compromise.
Unfortunately, the security issues stem from several unsuccessful design decisions leaving the software incredibly vulnerable. One example of this is that the app demands extensive permissions that give it complete control over the entire storage system, access to all media files on the device, install or delete apps, create accounts, and more.
Adding to the “ShareIt’s” problems is that its ‘private storage’ mechanism is anything but private. An analysis of the code reveals that the ‘android:exported’ variable setting it to False. The AndroidGrantUri-Permissions variable setting is to True, which means that literally, any third-party entity can gain temporary read/write access to the user’s data.
Trend Micro shared its findings with ShareIt’s development team more than three months ago. To date, the developers have not patched any of them. So it’s as vulnerable today as it was when Trend Micro first published their report. If you are a current user of the ShareIt app, you may want to consider uninstalling the app until the company tightens up the app’s security.
