The Android version of SHAREit, downloaded more than one billion times, contains unpatched vulnerabilities that the app maker has failed to fix for more than three months. The bugs can be exploited to run malicious code on smartphones and hijack the app’s features to run custom code, overwrite its local files, or install third-party apps without the user’s knowledge as reported by Echo Duan, a mobile threats analyst for Trend Micro.