There are a bunch of Android apps that let you connect to your phone remotely to do things like transfer photos or other files to a PC without wires, view text messages and other notifications on a computer, or use your phone as a proxy server for connecting a PC to the internet.

In order to do that, these apps essentially turn your phone into a mobile server. But researchers at the University of Michigan have discovered that many app developers fail to adequately secure the ports opened on your phone… which makes it relatively easy for malicious hackers to scan for open ports and obtain access to at least some parts of your device.

The team developed a tool called OPAnalyzer to check Android apps for open port vulnerabilities. After scanning more than 100,000 apps, the researchers found more than 1,600 apps that create open ports on a smartphone, more than 400 of which have vulnerabiliites.

57 of those are “popular mobile apps, with 10 to 50 million downloads.

Wondering if an app you use is affected? The developers haven’t released a complete list, which is probably a good thing since it would alert folks with bad intentions of where to direct their efforts. But Wired Magazine notes that popular app AirDroid “had an authentication flaw” but it has already been patched.

WiFi File Transfer, on the other hand, has apparently not yet patched a flaw in their software that could let hackers access photos and other data stored on a phone’s SD card.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

5 replies on “Security threat posed by many Android apps that turn phones into a servers”

  1. This and other reasons is why I prefer Feem v4 (https://www.feem.io) for my file transfer needs. It was built with security in mind from day one.
    Gosh, when will developers learn to take security seriously. I stopped using AirDroid and Wi-Fi File Transfer when it was obvious how easy it was for an attacker in the same Wi-Fi network to access your files.

    1. Some people don’t trust those companies with their files. I use syncthing to sync files across my devices.

Comments are closed.