This can be subject to a 'Man-in-the-middle' attack. Furthermore, ShareIt's game store has the ability to download app data over unsecured HTTP. This could lead users to install malicious apps on their devices unknowingly. Due to the vulnerability mentioned above, attackers have the ability to swap out install packages with a malicious app as soon as they're downloaded. Since ShareIt also features an Android app installer, it is also susceptible to a 'Man-in-the-disk' attack.
Trend Micro claims that 'an attacker may craft a fake file, then replace those files via the aforementioned vulnerability to perform code execution.'
This allows third-party apps to edit the data ShareIt uses to run, including the app cache generated during install and runtime. In effect, this vulnerability allows attackers to call on ShareIt's file-content provider and pass it a file path to get access to all of its data files. However, the developers behind ShareIt haven't given much thought to limit the app's content-provider capabilities, which can give attackers access to all files in ShareIt's 'private' directory.
