The SHAREit app has over a billion users on Android – and it can be exploited to steal user’s data or run malicious code on the device.
A new report from Trend Micro details the vulnerabilities in the SHAREit app, which is one of the most popular downloads from the Google Play Store. According to the researchers, the app itself is not malicious but suffers from design flaws. These flaws could allow other malicious apps on the Android device to leverage the SHAREit app’s code to download and execute code which inherits the SHAREit app’s security permissions.
The Trend Micro report is a useful training experience for Android app developers as it demonstrates how application permissions and Intents can be leveraged to perform malicious actions if they are not designed with security in mind.
Security Managers that have the SHAREit app installed on their fleet of Android devices should be aware of the opportunity for abuse by other apps installed on the device.
To avoid similar risks introduced by in-house developed applications, a Mobile Application Penetration Test will identify design flaws and vulnerabilities that affect the security of your application and devices. OWASP has developed guidelines for testing the security of mobile applications: the Mobile Application Security Verification Standard which is available on GitHub.