SHAREit APK: Complete Security Analysis – Facts vs Fiction

Published: 26 Jul 2025

Executive Summary

SHAREit is a popular app that allows you to share files with others, boasting over a billion downloads. However, it has faced serious questions about its security and has been accused of potentially spying on users. In this overview, we’ll take a closer look at the real security issues, clarify any misunderstandings, and offer some advice for app users.

Background Overview

SHAREit is an app that allows users to share files, including photos and videos, directly between devices without needing an internet connection. It works by creating a unique wireless connection that enables fast and easy file transfers. However, there have been notable security concerns that have raised worries among some users about using the app.

Verified Security Vulnerabilities

Critical Flaws Identified (2019-2021)

Remote Code Execution Vulnerability

Allows attackers to tamper with app permissions
Enables unauthorized access to sensitive user data
Potential for complete Device compromise

FileProvider Component Weaknesses

Grants temporary read/write access to the app’s data folder
Enables attackers to overwrite files or execute malicious code
Exploitable through improper file handling mechanisms

Deep Link Manipulation

Malicious APK installation via man-in-the-middle (MitM) attacks
HTTP-based APK downloads create security vulnerabilities
Insecure connection protocols expose users to attacks

Man-in-the-Disk (MitD) Attacks

Insecure handling of external storage permissions
Attackers can replace files in SHAREit’s directory with malicious ones
Exposure of sensitive data through poor content provider setups

Sensitive Data Exposure

Potential access to Facebook tokens, cookies, and hotspot passwords
Leaked user information through poorly configured data files
Authentication bypass vulnerabilities in earlier versions

Overview of Research Findings and Timeline

2018: RedForce discovered serious issues that allowed unauthorized access to occur and allowed files to be downloaded without permission.
2019: RedForce found similar problems with file downloads, which were eventually fixed, although it took longer than expected.
2020: Trend Micro identified several security weaknesses that the system had not addressed.
2021: Trend Micro made public the existence of these issues after waiting over three months for them to be fixed, but no solutions were provided during that time.
2024: Various sources are reporting that security problems are still ongoing.

This timeline highlights significant discoveries made over the years regarding security weaknesses and the attempts—successful or not—to address them.

Spyware Allegations: Fact vs Fiction

Verified Concerns ✓

Government Actions

Banned in India (2020) along with 58 other Chinese apps
Cited as a potential national security threat
Temporarily removed from Google Play Store (March 2020)

Data Collection Practices

Excessive permissions requested (location, storage, Device info)
Data sharing with third parties, including Chinese analytics firms
Broad data sharing with advertisers and affiliates

Technical Issues

Outdated SDK (Pangle SDK) with critical vulnerabilities
Aggressive adware and bloatware are bundled with the app
Privacy policy allowing extensive data collection

Unsubstantiated Claims ✗

Government-Backed Spyware

No credible evidence of deliberate espionage
Risks stemmed from negligent security practices, not state-sponsored malice
Geopolitical tensions amplified accusations without technical backing

Active Data Theft

No evidence of keylogger or banking trojan behavior
No proof of designed password or financial data theft
Risks were data exposure via vulnerabilities, not intentional theft

Malicious Design Intent

No definitive evidence of deliberate spyware functionality
Security flaws appear to result from poor coding practices
Allegations are often politically motivated rather than technically proven

User Experience Reports

Common Complaints

Unexpected behavior (random audio playback, unauthorized notifications)
Device slowdowns and performance issues
Play Store warnings flagging SHAREit as harmful
Bloated interface with excessive ads and features
Suspicious files found in app directories

Red Flags Identified

Shift from simple file-sharing to an ad-heavy platform (post-2017)
Excessive permissions beyond file-sharing needs
Hidden files and “safebox” warnings
Intrusive lockscreen features and background activities

Current Status (2023-2025)

Improvements Made

Google Play Version: Updated with fewer permissions
Security Updates: Claims of improved security practices
Policy Compliance: Adherence to Play Store policies
SDK Updates: Removal of vulnerable third-party components

Ongoing Concerns

Sideloaded APKs: High-risk versions outside official stores
Data Collection: Continued data gathering for advertising
Reputation: Past security lapses affect trustworthiness
New Vulnerabilities: Emerging security challenges as of 2024

Risk Overview and Recommendations

1. Remote Code Execution (High Risk)

Current Situation: Partially fixed
What to Do: Update to the latest version of the software.

2. Data Exposure (High Risk)

Current Situation: Improved
What to Do: Keep an eye on who has access to your information.

3. Man-in-the-Middle Attacks (Medium Risk)

Current Situation: Addressed
What to Do: Use secure networks for your online activities.

4. Adware/Bloatware (Medium Risk)

Current Situation: Reduced
What to Do: Consider using different software to minimize the number of unnecessary programs.

5. Privacy Invasion (Medium Risk)

Current Situation: Ongoing
What to Do: Review your settings to protect your personal information.

By following these recommendations, you can help keep your information safe and secure. This proactive approach empowers you to take control of your app usage and data security.

Pros and Cons Analysis

Advantages ✓

Fast Transfer Speeds: Direct wireless connection enables quick file sharing
No Internet Required: Peer-to-peer functionality works offline
Cross-Platform Support: Works across different operating systems
Considerable File Support: Handles various file types and sizes
Broad Adoption: Over 1 billion downloads indicate reliability for basic functions

Disadvantages ✗

Security Vulnerabilities: History of serious, unpatched flaws
Privacy Concerns: Excessive data collection and sharing
Bloatware: Ads and unnecessary features clutter the interface
Trust Issues: Past security lapses create reliability concerns
Ongoing Risks: New vulnerabilities continue to emerge

Alternative Solutions

For Android Users

Nearby Share: Google’s native sharing solution
Quick Share: Samsung’s file-sharing platform
Files by Google: Built-in sharing capabilities

Cross-Platform Options

Send Anywhere: Secure file transfer service
Snapdrop: Web-based file sharing
EasyJoin: Simple alternative with fewer permissions
Feem: Local network file sharing

For iOS Users

AirDrop: Apple’s native sharing feature
Files App: Built-in file management and sharing

Security Recommendations

For Current Users

Update immediately: Install the latest version from official stores only
Review Permissions: Revoke unnecessary access rights
Monitor Activity: Check for unexpected background processes
Scan Files: Use antivirus software for shared files
Secure Networks: Avoid public Wi-Fi for file transfers

For New Users

Avoid Installation: Consider alternatives first
Official Sources Only: Download from Google Play or Apple App Store
Read Permissions: Understand what access you’re granting
Research Alternatives: Explore more secure options
Stay Informed: Monitor security updates and news

For Organizations

Policy Restrictions: Block SHAREit in enterprise environments
Employee Training: Educate staff about file-sharing risks
Approved Alternatives: Provide secure file-sharing solutions
Regular Audits: Monitor installed applications
Security Protocols: Implement comprehensive mobile security policies

Technical Mitigation Strategies

Immediate Actions

Uninstall versions before the 2021 updates
Clear app cache and data after updates
Review and modify app permissions
Enable Device security features
Use VPN for additional protection

Long-term Solutions

Implement mobile Device management (MDM)
Use enterprise-grade file-sharing solutions
Regular security assessments
Employee security awareness training
Network segmentation for file transfers

Conclusion

SHAREit APK represents a complex security case study where legitimate functionality has been compromised by poor security practices rather than malicious intent. While the app is not definitively spyware, its documented vulnerabilities and privacy concerns create significant risks for users.

Key Takeaways

Security vulnerabilities are real and documented by credible cybersecurity firms
Spyware allegations lack concrete evidence, but privacy concerns are valid
Recent improvements have addressed some issues, but risks remain
Alternative solutions offer better security without compromising functionality
User vigilance is essential regardless of the chosen file-sharing method

Final Recommendation

Due to past security issues and ongoing concerns, users need to consider alternative file-sharing options that are more secure and transparent. If you need to use SHAREit, ensure you download the latest version from official sources. Additionally, limit the app’s permissions and monitor its security.

When it comes to concerns surrounding SHAREit, it’s essential to focus on the known technical issues, rather than unverified claims about spying. Users should rely on credible security information instead of relying on political allegations and exercise caution when using any app that has had security challenges in the past.