SHAREit Android App Left Security Vulnerabilities Unpatched for 3 Months

As consumers, we like to think that companies earning our money will do everything possible to keep their end of the bargain. When it comes to the app/software business, the developers should be keeping their products updated to keep their end of the bargain. That’s what makes situations like this frustrating. Android app SHAREit left security vulnerabilities unpatched for more than three months.

Identifying SHAREit Security Vulnerabilities

The SHAREit Android app provides users a way to share files with friends or between devices. Trend Micro mobile threats analyst Echo Duan said in a report on February 15, 2021, that the app contains security vulnerabilities stemming from a lack of proper restrictions on the app’s code.

The SHAREit vulnerabilities can be exploited to run malicious code on phones where the app has been installed. This can be done through malicious apps that get installed on the device or through a man-in-the-middle network attack.

The malicious commands sent through one of these methods to the SHAREit app take over the device, then run custom code, overwrite files, and install other apps, with the user being none the wiser.

The SHAREit Android app is also susceptible to “man-in-the-disk” attacks. In this vulnerability, sensitive app resources are stored insecurely in an area of the phone’s storage that is shared with other apps. This leaves these resources vulnerable to being edited, replaced, or even deleted.

SHAREit Developer Compliance

With as much damage as the SHAREit security vulnerabilities can do, you would think the app developers would be anxious to fix them as soon as possible. However, this has not happened, even after three months.

“We reported these vulnerabilities to the vendor, who has not responded yet,” reported Duan.

He further noted, “We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data.”

Duan also said he shared the SHAREit security vulnerabilities with Google. However, he did not disclose how the company responded. A quick check shows that SHAREit is still up on the Play Store. Additionally, the developers have been answering comments left in the reviews within that three-month time frame, and the listing shows that the app was last updated on February 9, 2021, without fixing the security vulnerabilities, according to Duan.

SHAREit claims on its website that its apps have 1.8 billion users throughout 200 countries. It can be assumed the majority of users do not know about the security bugs. However, the SHAREit iOS app was not affected by the vulnerabilities.
