A WIDELY popular fashion app has been found snooping on users.
An out-of-date version of the Shein Android mobile app is spying on millions of Android users, Microsoft reported on Monday.
Apparently harmless behaviors in applications like this can be exploited with malicious intent.Getty
The popular fashion app has been accessing users’ clipboard activity.
“The Shein Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server,” Microsoft said in a release.
While Microsoft did not identify malicious intent to this, it nonetheless is considered a privacy breach and is not necessary.
In other words, there is no explanations for why the tracking is needed for Shein users to perform their tasks on the app.
The app in question is available from the Google Play Store and has over 100 million downloads.
It “highlights the risks that installed applications can pose, including those that are highly popular and obtained from the platform’s official app store,” Microsoft said.
Microsoft reported the findings to Google, and it was subsequently investigated by their Android Security Team.
In May 2022, Shein removed the behavior from the application.
Why does this discovery matter?
Even apparently harmless behaviors in applications like this can be exploited with malicious intent.
“Threats targeting clipboards can put any copied and pasted information at risk of being stolen or modified by attackers, such as passwords, financial details, personal data, cryptocurrency wallet addresses, and other sensitive information,” Microsoft said.
How can I keep my device safe?
Following the discovery, Microsoft has issued recommendations for users to protect themselves from risk:
Keep your device and the installed applications updatedRefrain from install applications from untrusted sourcesRemove applications with unexpected behaviors and report the behavior to the app store operator
Not the first scandal
Shein is no stranger to controversy.
The Sun exclusively reported on Monday that Shein’s knock-off Apple, Fitbit and Samsung smartwatches are snooping on users.