A previous version of the Shein Android application had a bug that periodically captured and transmitted clipboard contents to a remote server. But first things first.
What is Shein, in short?
Shein is an online fast fashion retailer based in Singapore, but owned by a Chinese company.
The company sells clothing, shoes, accessories and other fashion products at affordable prices primarily through its website and mobile app. Shein has become popular with young consumers due to its low prices and large selection of fashion products.
It must be said that the company has been criticized for the quality of its products, for the working conditions of the employees in its factories in Asia and for environmental sustainability.
What problems did Shein have?
The Microsoft 365 Defender research team said it discovered the problem, through the use of VirusTotal, in version 7.9.2 of the app, released on December 16, 2021. Without creating alarm, let's say it right away: the bug was fixed in May 2022.
Shein, originally called ZZKKO, as mentioned above, is a Chinese online fast fashion retailer based in Singapore; its application, currently at version 9.0.0, has over 100 million downloads on the Google Play Store.
The US tech giant (Microsoft) said there is no “specifically malicious intent behind such behavior [of the application in question]”, but pointed out that the function is not required to perform tasks within the application.
Furthermore, it was highlighted that launching the application after copying any content to the device clipboard would automatically trigger an HTTP POST request containing the data to the server “api-service[.]shein[.]com”.
To avoid such privacy risks, Google has further improved Android in recent years, including displaying warning messages when an application accesses the clipboard (the famous “allow” or “do not allow”, to be clear) and preventing applications from obtaining the data unless they are actively running in the foreground.
https://www.youtube.com/watch?v=ka_wAjvvyUM
“Since mobile users often use the clipboard to copy and paste sensitive information, such as passwords or payment information, the contents of the clipboard can be an attractive target for cyberattacks,” said researchers Dimitrios Valsamaras and Michael Peck.
The researchers then concluded that “Using the clipboard can allow attackers to gather targeted information and extract useful data”.
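A way to check an app for the behaviour described above, as an added example that is not from Microsoft's research or from this article: copy a unique canary string, launch the app behind an intercepting proxy you control, and search the captured requests for the canary. The flow format, hostnames and canary below are constructed assumptions; a canary that is compressed, encrypted or base64-encoded together with other data will not match.

```python
import base64
import json
import urllib.parse

CANARY = "CANARY 7f3a=clip-test"  # constructed marker to copy before launching the app

def canary_encodings(canary):
    """Forms in which a copied string commonly shows up in HTTP traffic."""
    raw = canary.encode()
    return {
        "plain": canary,
        "url-encoded": urllib.parse.quote(canary, safe=""),
        "base64": base64.b64encode(raw).decode(),
        "hex": raw.hex(),
    }

def find_clipboard_leaks(flows, canary):
    """Return (host, path, encoding) for every request that carries the canary."""
    forms = canary_encodings(canary)
    hits = []
    for flow in flows:
        # Look in the URL path/query as well as the request body.
        haystack = flow["path"] + "\n" + flow.get("body", "")
        for name, form in forms.items():
            if form in haystack:
                hits.append((flow["host"], flow["path"], name))
                break  # one finding per request is enough
    return hits

# Constructed flows standing in for an intercepting-proxy export (hosts are placeholders).
SAMPLE_FLOWS = [
    {"method": "POST", "host": "app-api.example.test", "path": "/v1/launch",
     "body": json.dumps({"event": "launch", "clip": CANARY})},
    {"method": "POST", "host": "metrics.example.test", "path": "/collect",
     "body": "d=" + base64.b64encode(CANARY.encode()).decode()},
    {"method": "GET", "host": "cdn.example.test", "path": "/img/banner.png", "body": ""},
    {"method": "POST", "host": "app-api.example.test", "path": "/v1/search",
     "body": "q=" + urllib.parse.quote(CANARY, safe="")},
    {"method": "POST", "host": "app-api.example.test", "path": "/v1/login",
     "body": json.dumps({"user": "demo"})},
]

if __name__ == "__main__":
    for host, path, encoding in find_clipboard_leaks(SAMPLE_FLOWS, CANARY):
        print(f"clipboard canary sent to {host}{path} ({encoding})")
```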
I used Shein in the described period – should I be afraid of anything?
It is always important to be careful about how your personal information is used and to choose applications and services from reliable sources; in general, it is a good practice to check the permissions requested by the applications and privacy settings of your mobile devices to limit the risk of privacy violations.
Answering the question: if you used the Shein application for Android during the period of the bug that periodically captured and “transmitted” the contents of the clipboard to a remote server, there may have been a violation of your privacy.
However, it should still be reiterated that the company has stated that it fixed the issue in May 2022, so if you have updated the app to the latest version available after this date, you should no longer be exposed to the risk.
If you’re concerned about your privacy, you might consider changing the passwords of your online accounts and closely monitoring your credit cards and accounts for any suspicious activity.
For the rest: enjoy fashion on Shein!