Outlining their findings online, Trend Micro said: “We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).
“In the past, vulnerabilities that can be used to download and steal files from users’ devices have also been associated with the app. While the app allows the transfer and download of various file types, such as Android Package (APK), the vulnerabilities related to these features are most likely unintended flaws.
“SHAREit has over 1 billion downloads in Google Play and has been named as one of the most downloaded applications in 2019. Google has been informed of these vulnerabilities.”
According to the Google Play Store, the last time SHAREit was updated was on February 9, which was prior to the Trend Micro research was published. The file-sharing app, which lets users exchange photos, music, videos and GIFs, in total has 1.8billion users worldwide. In fact, according to App Annie, SHAREit was one of the top 10 most downloaded apps in the world in 2019.