Trend Micro report several vulnerabilities in SHAREit, a popular Android application for file transfers. Vulnerabilities can be misused to leak sensitive user data and execute arbitrary code with SHAREit permissions using malicious code or applications. They can also potentially lead to Remote Code Execution (RCE). In the past, vulnerabilities that could be used to download and steal files from user's devices have also been associated with the app. Even though the app allows the transfer and download of various file types, such as the Android Package (APK), the vulnerability associated with this feature is most likely an accidental one.
Official Statement Regarding Data Security Incident
SHAREit app is a leading file sharing, content streaming and gaming platform. Since its inception, billions of users have entrusted SHAREit to quickly and securely share their files. The security of our app and our users' data is of utmost importance to us. We are fully committed to protecting user privacy and security and adapting our app to meet security threats.
On February 15, 2021, we became aware of a report by Trend Micro about potential security vulnerabilities in our app. We worked quickly to investigate this report, and on February 19, 2021, we released a patch to address the alleged vulnerabilities.