Trend Micro reports that the Android version of popular file-sharing app SHAREit has vulnerabilities that its developers have failed to address through patches for the last three months, according to ZDNet. The bug leaves smartphones with the app, which has had more than 1 billion downloads, open to malicious code introduced by attackers. Analyst Echo Duan says the flaw lies in the absence of restrictions on who can access the app’s code, which allows attackers attempting a person-in-the-middle network attack to hijack the app through malicious commands and from there run custom code, change local files or install their own apps. Threat actors are also capable of exploiting the app’s vulnerability to Man-in-the-Disk attacks, according to researchers. Duan said they informed SHAREit of the vulnerabilities three months before disclosing their research but got no response. Google was also informed of the group’s findings but Duan declined to share the company’s response.