If you’ve been using Android for a while, you’ve probably used your fair share of file explorers. One of the best for a long time was ES File Explorer, but over the past few years, it’s turned into a buggy, ad-filled mess that’s basically unusable without the Pro upgrade. Now, it’s been revealed that the app has housed a security vulnerability for quite some time.

The best gifts for Android users

Security researched Elliot Alderson recently revealed on Twitter that a flaw in the app makes your files vulnerable to theft if you’ve opened the app even one time. This isn’t overly serious, though, seeing as the attack can only occur on a local network. Still, with over 100 million downloads, this is something that ought to be fixed.

Alderson explains that this vulnerability occurs each time the app is opened. When launched, the app automatically opens up an HTTP server on port 59777. That might sound like gibberish to the average Joe, but to anyone with the proper knowledge, it’s very easy to exploit that to pull any files they want from your device. It’s generally a bad idea to be on a network with people you don’t know, but if you’re an ES File Explorer user, you might especially want to avoid it.

This flaw is present in every version of ES File Explorer up until version 4.1.9.7.4. The app’s developers, though, have contacted Android Police to note that they’ve already fixed the vulnerability and have rolled out the change via the Google Play Store. Version 4.1.9.9 seems to fix the problem and is available now.

More on Android apps:


Check out 9to5Google on YouTube for more news:

About the Author