Android, files at risk: bug in app with 100 million downloads

One of the most used apps on Android has a vulnerability that allows anyone to get into your files. Here's how to fix it

Bugs in apps and software are by no means new. On the contrary, almost every day more or less serious vulnerabilities are discovered in all kinds of applications, whether for PC or smartphones. In short, it's a common occurrence that, for the most part, doesn't even make the news anymore.

Things are different, however, when the bug is in one of the most famous and most downloaded applications in the Google Play Store, with a total of 100 million downloads. The app is ES File Explorer, the Android equivalent of Windows Explorer. It lets users access all the folders and files in the phone's memory and manage them as they see fit: delete them, edit them, move them. It goes without saying that the app needs very extensive permissions so that it can access all the features of the device. That is what makes the bug so dangerous: it exposes the files in your device's memory to anyone able to reach the app.

What's the ES File Explorer bug

The problem with ES File Explorer, discovered by researcher Elliot Alderson, is a glaring one. As soon as you open the app for the first time, ES File Explorer opens a communication port that allows it to access files from the Internet as well. Nothing wrong with that, you might think. The problem is that the port stays "open" all the time and can be used by anybody connected to the same local network as the smartphone. So, if you are connected to the office Wi-Fi and you have used ES File Explorer even once, a geeky colleague of yours with some time to spare could try to get into your smartphone.
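
One way to check for this kind of exposure on a device you administer, as an added example that is not part of the original article: the Python sketch below parses text in the Linux `/proc/net/tcp` layout and labels each listening socket by whether it is bound to all interfaces (reachable from the local network) or to loopback only. The sample table, port numbers and UIDs are constructed, and little-endian byte order is assumed; the article does not say which port the app uses.

```python
import ipaddress
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not from a real device);
# the ports and UIDs are made up, the article does not name the app's port.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 11111
   1: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 22222
   2: 6401A8C0:A1B2 5E01A8C0:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 33333
"""

TCP_LISTEN = 0x0A  # kernel state code for a listening socket


def decode_addr(hex_addr):
    """Turn the kernel's hex form (8 digits IPv4, 32 digits IPv6) into an address."""
    raw = bytes.fromhex(hex_addr)
    # Each 32-bit word is printed in host byte order (little-endian assumed here).
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))


def listening_sockets(table_text):
    """Return (address, port, uid, scope) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a complete socket entry.
        if len(fields) < 8 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_addr(hex_addr)
        if addr.is_unspecified:
            scope = "all-interfaces"    # reachable by other hosts on the same network
        elif addr.is_loopback:
            scope = "loopback-only"     # reachable only from the device itself
        else:
            scope = "single-interface"  # reachable through that one address
        found.append((str(addr), int(hex_port, 16), int(fields[7]), scope))
    return found


if __name__ == "__main__":
    for addr, port, uid, scope in listening_sockets(SAMPLE):
        print(f"{addr}:{port} uid={uid} {scope}")
```

On Android each app runs under its own UID, so the `uid` column shows which app owns a listener reported as `all-interfaces`.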

What risks do you run with ES File Explorer

The dangers related to this vulnerability are quite obvious. If you are on a trusted network you are not at risk, but if you connect to a public network you may run into problems. A hacker could get into the memory of your Android smartphone, sift through your apps and files and steal the ones he finds most interesting.

What to do if you use ES File Explorer

According to the researcher who discovered the flaw, the vulnerability affects ES File Explorer 4.1.9.7.4 (the version now available on the Google Play Store) and earlier versions. In short, there is apparently no escape. The only thing left for you to do is to delete the app from the device and wait for the developers to fix the problem by properly locking down the communication port.