ShareIT File Sharing App Can Be Exploited to Inject Malware In Android Smartphones: Report

India is amongst the largest markets for SHAREit, with the app gaining a large part of its user base from this country.


Formerly Lenovo owned data sharing app, SHAREit, has multiple unpatched vulnerabilities that the app makers failed to fix for over six months, says a new report. The vulnerabilities affected the Android version of SHAREit, which had been downloaded over a billion times across the world. While file sharing has moved to the cloud for many, SHAREit remains a popular application, especially in countries like India. The bugs in the app could be used to run malicious code on smartphones, send unwanted commands and perform a man-in-the-middle attack, which is where attackers intercepts messages and other data by putting themselves between the victim and a server where data is being sent to.

According to the report, the cause of the vulnerabilities were lack of restrictions on who can access the app’s code. The app also leaves users open to man in the desk attacks, which were first found back in 2018. These happen when the resources of an app are stored without proper security measures, at shared locations on the disk. It leaves them open to deletion, modification and replacement. Attackers can exploit such a vulnerability to steal user data or spy on people who use such apps.

The vulnerabilities were found by security firm, Trend Micro, who first reported them to the company itself. However, the firm said it didn’t receive a response from the company in over three months and hence decided to disclose it on their website. At this point, unless SHAREit fixes the issues, it would be best for users to delete the app and its accompanying files from their phone. Trend Micro also shared the findings with Google, though it is unclear what the company’s response was. Google could, technically, remove SHAREit from the Play Store if it is found to be compromising users’ privacy.

SHAREit was originally owned by Lenovo, but had been spun off as a separate company some years ago. The app used to be used for sharing peer to peer sharing of information originally, but has expanded to entertainment, music, films, videos, GIFs and much more. Though the company has a global user base now, with users in over 200 countries (according to its website), it originally saw big growth in India. It remains a highly used app in India, though it doesn’t feature in top charts anymore.