{"id":180876,"date":"2021-02-17T21:45:42","date_gmt":"2021-02-17T18:45:42","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/uninstall-the-shareit-android-app-now-to-avoid-critical-vulnerabilities-review-geek\/"},"modified":"2021-02-17T21:45:42","modified_gmt":"2021-02-17T18:45:42","slug":"uninstall-the-shareit-android-app-now-to-avoid-critical-vulnerabilities-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/uninstall-the-shareit-android-app-now-to-avoid-critical-vulnerabilities-review-geek\/","title":{"rendered":"#Uninstall the ShareIt Android App Now to Avoid Critical Vulnerabilities \u2013 Review Geek"},"content":{"rendered":"

“#Uninstall the ShareIt Android App<\/a> Now to Avoid Critical Vulnerabilities \u2013 Review Geek”<\/strong><\/p>\n

\n
\"A
ShareIt<\/span><\/figcaption><\/figure>\n

Do you have the popular Android app ShareIt<\/a> installed on your phone? You should uninstall that as soon as possible. Sooner if possible. According to researchers at Trend Micro<\/a>, ShareIt suffers from many fatal flaws that could let hackers execute code on your device, install malicious apps, and more. And after three months, ShareIt chose to do nothing about the problem.<\/span><\/p>\n

According to Trend Micro, the vulnerabilities would allow bad actors to \u201cleak a user\u2019s sensitive data and execute arbitrary code with ShareIt permissions.\u201d ShareIt comes with extensive permissions requirements due to being an \u201ceverything in one\u201d app. <\/span><\/p>\n

As the name suggests, it started life as a sharing app, which already calls for plenty of permissions needs. But the app ballooned, and now it\u2019s a gif app, a video player, a song finder, a game<\/a> store, a movie store, and more.\u00a0<\/span><\/p>\n

ShareIt can request access to the camera, microphone, location, the entire user storage, and all media<\/a>. But while it requests all those permissions, it fails to put in the proper restrictions Android calls for to prevent abuse.<\/span><\/p>\n

The problem stems from how the developers enabled external storage permissions. If developers follow proper guidelines, everything will be fine. But ignore them, as ShareIt\u2019s developers did, and you\u2019ll leave your users vulnerable to a \u201cman-in-the-disk<\/a>\u201d attack.<\/span><\/p>\n

Apps install files should be sent to protected storage to keep them safe during the critical install period. If the developer stores those files in public storage instead, a bad actor can intercept the install files, replace them with new versions, and essentially upgrade an app to a malicious app. The same thing happened with Epic\u2019s Fortnite installer in 2018.<\/span><\/p>\n

If that\u2019s not bad enough, ShareIt\u2019s game store downloads app data over unsecured network connections (HTTP), which leaves the app open to\u00a0<\/span>man-in-the-middle attacks<\/span><\/a>. With the right know-how, a bad actor can update ShareIt to a malicious version, steal your user data, or both.<\/span><\/p>\n

Trend Micro says it notified ShareIt\u2019s developers three months ago about the problems and never heard back. Hopefully, all the bad publicity will help change the course, but in the meantime, you\u2019d be better off uninstalling ShareIt, at least for now.<\/span><\/p>\n

Source: Trend Micro<\/a> via Ars Technica<\/a><\/small>\n<\/div>\n