According to Wired, a group of researchers from the University of Michigan identified hundreds of applications in Google Play that make your devices insecure. Specifically, they noted that the least secure app of them all was the Wi-Fi File Transfer android app.
Below are some of the ways the Wi-Fi File Transfer puts your privacy at risk:
People around you can easily invade your privacy
In order for you to access your android files on PC, the Wi-Fi File Transfer app asks you to visit a specific url on your computer’s browser. The URL the app asks you to visit is actually very simple to guess (http://phone_ip_address:1234).
Great, until you realize you can now access your files without a password! This means ANYONE in your local network can access your files, without you being the wiser. Friends, family, colleagues, enemies… anyone in the same building as you are can now potentially steal sensitive information from your phone.
It is often said that the greatest security threats are from within. The Wi-Fi File Transfer app makes it so easy to be vulnerable.
A remote hacker can steal sensitive information from your phone.
This is what was uncovered by the Wired article. Let’s break down how this exploit works step by step.
- An attacker creates an innocent-looking game or utility and publishes it on Google Play. The app is designed not to require read access for any of your files.
- You discover the innocent-looking game on Google Play, and install it with a false sense of security. Since you didn’t grant the game permissions to read your files, you incorrectly assume your privacy is not at risk.
- This is where it gets interesting. Whenever you open your Wi-Fi File Transfer app to transfer files to PC, the malicious game you downloaded detects this, and uses the insecure port opened by Wi-Fi File Transfer to steal your data. In other words, because of the security permissions on Android, the malicious game didn’t initially have the ability to steal your pictures… but because of Wi-Fi File Transfer app, it now can.
The video below shows this attack in action:
Best Alternative To The Wi-Fi File Transfer App.
Now that we know that the Wi-Fi File Transfer app is very unsafe on android, what other options do we have?
We strongly recommend Feem as the best alternative to the Wi-Fi File Transfer app on android. Feem was built with security in mind from day one, securing every file transfer you make. Oh, and Feem works on all platforms, not only Android. It’s easier than ever with Feem to send files from Android to your iPad (for example), something which the Wi-Fi File Transfer app on Android cannot do. You should download Feem now.