
Researchers discover several security flaws in one of the most downloaded Android apps in the world

It has more than 1 billion downloads, and several serious security flaws have been discovered in it.

With over 1 billion downloads on Google Play, SHAREit has become one of the most downloaded applications in the history of Android. In fact, only a few years ago it managed to make a place for itself in the world of apps. Now, cybersecurity experts at Trend Micro have discovered not one but several security flaws in SHAREit, which could be endangering user data as well as the integrity of users' devices.


Over 1 billion downloads and various security flaws

As the researchers specify, analysis of the application code revealed several gaps. Some of them could lead to remote code execution. In fact, the researchers verified that the vulnerability can be exploited through a fake application created specifically for that purpose, capable of obtaining read/write permissions through SHAREit.

This allows third-party apps to be installed without the user granting express permission, using the tools built into SHAREit.

“SHAREit also provides a feature that can install an APK with the filename suffix sapk. This function can be used to install a malicious application; if that’s the case, it will enable a limited RCE when the user clicks on a URL.”

But that is not the only flaw discovered in the application. Researchers indicate that SHAREit is also susceptible to attack through techniques such as man-in-the-disk (MITD), allowing attackers to try to deceive users through pop-up windows requesting the installation of malicious applications.


Google has already been informed of the problem, and hopefully the company will take action on it, probably removing the app from the store temporarily. It is worth mentioning that the application also has a version for iOS that allows files to be shared between devices in the same way as the Android version, although for now it is not clear whether this version suffers from the same security problems.