Using purpose-built code, researchers found this component, along with other irregularities in the storage area root path, could result in remote access to private app functions and the ability of any third party to “again temporary read/write access” and “overwrite existing files in the SHAREit app.” Researchers at Trend Micro found a problem with a broadcast component in the app. Prior to the update late last year, the app functioned without incident and was well-reviewed. A recent update to the app delivered malware that uses the designated mobile web browser on users’ phones to deliver out-of-app advertisements.
News about the SHAREit app vulnerabilities follows an earlier report about another popular Android app called Barcode Scanner. The vulnerabilities were first reported to the app developer three months ago, according to the report, but have still not been patched. Trend Micro said the vulnerabilities could allow the leak of sensitive user data and the exploitation of permissions in the app to gain full device access for remote attackers. The app, which has been downloaded more than a billion times on Google Play, bills itself as the fastest cross-platform file-sharing app in the world. A report released this week by IT security company Trend Micro announced the discovery of several critical security vulnerabilities in a mobile app for Android devices called SHAREit.
