App Flaw Reportedly Creates Backdoor for Hacking Millions of Android Phones

A recent study has found that hundreds of Android apps on Google Play that help users connect to PCs via Wi-Fi leave some ports open and poorly secured, exposing the device to hackers. This research was done by a group of researchers from the University of Michigan, who claim that the most vulnerable among the lot, is an app called Wifi File Transfer, that has as many as 10 million Android downloads.

The researchers scanned almost 100,000 popular apps on Google Play, out of which 1,632 apps created open ports mostly to connect to PCs. Out of these 410 apps had very weak to no security protection, and 57 apps specifically left ports completely open for hackers to tinker with. One of the apps that the researchers found to be particularly dangerous was Wifi File Transfer that has garnered almost 10 million user downloads on Google Play. It essentially lets you connect a PC to a phone through an open port via Wi-Fi, and has no password or fingerprint authentication to protect the user's data. This means that if some unethical user gains access to this port, they can also gain access to all sensitive data as well. This exploit enables hackers to steal data, including contacts or photos, or even install malware.

Another app with an authentication flaw was AirDroid, and Wired reports that the developers immediately fixed the bug as soon as the Michigan researchers notified them. However, Wifi File Transfer app makers have failed to acknowledge till date. The full research paper details half a dozen more apps including PhonePal and Virtual USB that create a backdoor for hackers to exploit.

The researchers say that the user and Google for that matter is quite helpless in this matter, and developers' will have to do a lot of work on their end to make their services more safe. For now, we recommend you to uninstall Wifi File Transfer and the other mentioned apps, and give priority to security over convenience.