An Android app used by a large chunk of the global population also has glaring security flaws that would allow a savvy hacker to leak a user’s information or even hijack the app’s operations using arbitrary code.
ShareIt, which claims to have more than 1 billion global downloads, is the product of Singapore-based developer Smart Media4U. Its principal feature is peer-to-peer file sharing, which gives users the ability to exchange pictures, music, videos, GIFs, and more. The app, which has been on an upward trajectory over the past several years, has garnered recognition for its swift growth and global reach.
But it also apparently has software vulnerabilities that would allow a bad actor to easily leak a user’s data or even execute arbitrary code by abusing ShareIt permissions, according to a new report from Trend Micro.

A file-sharing app that claims it has been downloaded from the Google Play store more than 1 billion times has serious security flaws. Photo: Sam Rutherford/Gizmodo
One of the app’s main vulnerabilities is how it shares information and permissions with other apps, the report shows. Indeed, due to the way inter-app communication occurs on Android phones, the platform has a history of bad actors attempting to exploit said communication pathways for malicious purposes. Specifically, “bad apps,” or programs secretly run by a bad actor, may look for ways to access or manipulate data on legitimate apps.
ShareIt is set up to essentially swing the doors wide open to other apps when it comes to information exchange via its content provider interface. According to researchers, these vulnerabilities could allow “any third-party entity” to “gain temporary read/write access to the [app’s] content provider’s data.” This would essentially allow for a hijacking of the app to run “custom code, overwrite the app’s local files, or install third-party apps without the user’s knowledge,” ZDNet notes.
Trend Micro researchers discovered this vulnerability by doing it themselves. By manipulating how apps in the Android ecosystem talk to each other, they found that the ShareIt app would share way too much information, revealing a user’s “arbitrary activities, including ShareIt’s internal (non-public) and external app activities.” In various ways, these security flaws could ultimately be “abused to leak a user’s sensitive data and execute arbitrary code with ShareIt permissions,” researchers write.

Screenshot: Lucas Ropek: Google Play Store/SHAREit
Probably the worst thing in the whole report is the fact that Trend Micro says it shared these security issues with Smart Media4U about three months ago and that the company seemingly did nothing. The report concludes:
We reported these vulnerabilities to the vendor, who has not responded yet. We decided to disclose our research three months after reporting this since many users might be affected by this attack, because the attacker can steal sensitive data and do anything with the apps’ permission.
This is also not the first time that ShareIt has been flagged as a security risk. The app was actually blacklisted by the U.S. in January, when a vaguely worded executive order from the Trump White House listed it as one of several “Chinese connected” apps that Americans should stay away from for fear of where their data might end up. On his way out the door, Trump issued a blitz of such orders targeted at the Asian tech sector, most of which seemed designed to antagonize and isolate Chinese companies. The order proclaims:

The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information. At this time, action must be taken to address the threat posed by these Chinese connected software applications…
It’s unlikely that a ton of Americans actually use ShareIt. Industry outlets seem to show that a majority of the app’s user base is located in the Middle East, Africa and Asia (it was recently banned in India, where the government barred its military personnel from using the app due to data security concerns). Nonetheless, if you have downloaded ShareIt and are using it for some reason, it might be best to rethink that decision.
We have reached out to Smart Media4U for comment and will update this story if we hear back.














