According to Trend Micro and Gizmodo, hackers and other malicious actors could easily access the app’s code if they exploited the way it communicates with other Android apps. Then they could take over the app to “run custom code, overwrite the app’s local files, or install third-party apps without the user’s knowledge,” ZDNet explained.
It’s important to note that this only applies to the Android version of the app. As ZDNet noted, SHAREit’s iOS app uses a different codebase. The Trend Micro researchers who discovered the flaws said they already notified Google of the matter.
More worryingly, they said they alerted the app’s developer to the problem three months ago, but did not receive a response. Therefore, they decided to go public with their findings, “since many users might be affected by this attack because the attacker can steal sensitive data and do anything with the apps’ permission.”
SHAREit is quite popular in Malaysia, currently ranked #37 by Sensor Tower in its Google Play free apps category. Gizmodo said that the app was among those blacklisted in January by the outgoing Trump administration as a “Chinese connected” application that collects a concerning amount of personal information.