14
exelix
6y

FYI if you have ES file explorer get rid of it cause it has a major vuln that lets other extract files from your phone
https://xda-developers.com/es-file-...
There are many better alternatives, i personally use FX.

...
...WHY TF DOES A FILE EXPLORER RUN AN HTTP SERVER IN BACKGROUND ?!

Comments
  • 1
    I used that app when I was on Android. Glad I've been on iOS for a year now.
  • 6
    @Stebner55 Most people don't brag about a downgrade. That's an interesting take there.

    *It's a joke. I couldn't give a shit what you use*
  • 1
    @Stebner55 I used it a long time ago (android 3.something iirc) then it got bloated with paid features and useless stuff so i switched to FX.
    Btw it's not a platform vulnerability, something similar could be implemented on ios as well, choose wisely the apps you install i guess….
  • 2
    @exelix

    Maybe this one isn't but others are. iOS doesn't allow apps access to SMS or call logs. Android does.

    Not saying one is better than another overall, but in terms of security, iOS is more idiot proof.
  • 2
    @Stebner55 I've used it on android for ages but I'm blocking it's damn Internet access through a root firewall.
  • 3
    @Stebner55 Android does allow those things indeed but by default, the user explicitly has to allow those things through an allow/deny prompt for every app.
    (the call/texting things)
  • 1
    I had installed it once because I wanted to “extract” an APK (from an installed app). After some time I started getting ad pop ups everywhere. Uninstalled it as soon as I noticed the correlation and haven't touched it since then.
  • 0
    I just used the default Android 🤷‍♂️
  • 0
    I use Amaze, it's open source and looks better than that awful ES, used to use but then couple of years ago they introduced a new shit design and I removed it...
  • 0
    You have to be on the same network and the app needs to be open.

    So the only way that would give someone access is if they're

    1. On my home network or I connect to a public WiFi; does that also mean mobile data?
    2. Have the app open

    Also I have never been able to connect from my PC.... Ever... Am I missing something cuz that actually would be a good feature so I don't have to connect a cable everytime...
  • 0
    FX is good.
  • 0
    @filthyranter I beg to differ, used it hated it. Went back to ES... ¯\_(ツ)_/¯
  • 0
    @billgates Well, at least try all the alternatives. Amaze, MiXplorer, and many others are open source!
  • 1
    There's a problem if this is turned on without the user's knowledge or consent, but I'm pretty sure it's a deliberate, published and potentially useful feature.
  • 0
    @d4ng3r0u5 ES was purchased by Cheetah Mobile, a company that makes a lot of crapware. I am pretty sure that's an intentional vuln.
  • 1
    @filthyranter I bought Pro before it was bought, I better noticed a difference, I think they don't touch it.
  • 1
    Website says v4.x.x... so yeah Pro is very old which I guess is fine... I just need a file explorer that just does me what I want and nothing more. I think FX had a bunch of crap defaults and "protection" like confirming every single fucking action... Yes I think they're what it was...
  • 1
    @7400 there is an app called apk extractor and it's way smaller and user friendly (only has a banner ad, no more)
  • 0
    @d4ng3r0u5 there is no option to disable it, out of curiosity I tried downloading it on my phone, as soon as you get into the first time setup the server is up and you can connect. I think by now the update that fixes it has been released

    @billgates apparently this works even if the app's closed, didn't try on my phone cause I have greenyfy that would probably have blocked it. How easy it is to exploit this is hard to say, your secured home network is safe and cellular network requires knowing your ip, but like in a public hotspot you could just query any device on that port till someone answers.
  • 1
    @exelix I have unlimited mobile data so never use hotspots unless there's no reception. And yes I have greenify too.

    Also as I said I used pro which apparently hasn't been updated in years...
  • 0
    unlimited data and wifi could have careless if they want to take my nudes :D
  • 0
    @monmadmatt People like you are the cause of this kind of this shit to continue happening.
  • 0
    AW FUCK
    i use it since it's got FTP server capabilities, the app APK puller, etc.

    Fuck...
Add Comment