It’s a fact that file sharing in Android is easy. Unlike iOS, Android allows quick transfer of data between two devices as long as a special app is running. Managing Android files is convenient via drag-and-drop if you’re using a computer. For most Android users, they use ES File Explorer. The Android app is a file manager that’s already been downloaded over 100 million times. You can say it’s a very popular app within the Android community. It’s one milestone that is not easy to replicate but there may be a price to pay.
Someone just said the app ‘ES File Explorer’ isn’t exactly safe as anyone in the same network can have access to your files. If you open the app on your phone, people can also see the file and be able to get it.
Any content can be obtained from data to files and important documents. It’s like having access to a web server, only your phone isn’t a server. It’s supposed to be your own private storage.
Having access to your files can also mean further vulnerability. The exposed port is real. Thanks to Elliot Alderson, a French security researcher, who discovered the problem. He shared his findings that, “All connected devices on the local network can get data installed on the device.”
Here is a demo:
The ES File Explorer developers were requested to explain but no official response has been provided yet.
With more than 100,000,000 downloads ES File Explorer is one of the most famous #Android file manager.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone https://t.co/Uv2ttQpUcN
— Elliot Alderson (@fs0c131y) January 16, 2019