If you’ve been using Android for a while, you’ve probably used your fair share of file explorers. One of the best for a long time was ES File Explorer, but over the past few years, it’s turned into a buggy, ad-filled mess that’s basically unusable without the Pro upgrade. Now, it’s been revealed that the app has housed a security vulnerability for quite some time.

Security researched Elliot Alderson recently revealed on Twitter that a flaw in the app makes your files vulnerable to theft if you’ve opened the app even one time. This isn’t overly serious, though, seeing as the attack can only occur on a local network. Still, with over 100 million downloads, this is something that ought to be fixed.

Alderson explains that this vulnerability occurs each time the app is opened. When launched, the app automatically opens up an HTTP server on port 59777. That might sound like gibberish to the average Joe, but to anyone with the proper knowledge, it’s very easy to exploit that to pull any files they want from your device. It’s generally a bad idea to be on a network with people you don’t know, but if you’re an ES File Explorer user, you might especially want to avoid it.

This flaw is present in every version of ES File Explorer up until version The app’s developers, though, have contacted Android Police to note that they’ve already fixed the vulnerability and have rolled out the change via the Google Play Store. Version seems to fix the problem and is available now.

More on Android apps:

Check out 9to5Google on YouTube for more news:

FTC: We use income earning auto affiliate links. More.

Check out 9to5Google on YouTube for more news:

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Schoon

Ben is a writer and video producer for 9to5Google.

Find him on Twitter @NexusBen. Send tips to schoon@9to5g.com or encrypted to benschoon@protonmail.com.