Recently, an interesting vulnerability was discovered by French security researcher, Elliot Alderson, in the Android app ES File Explorer (version 4.1.9.7.4 and below). ES File Explorer is a file manager, which has been downloaded more than 100,000,000 times from the Google Play Store. The older versions of the app start an unauthenticated web server, typically after the app is opened by the user at least once, and allows anyone connected to the same network, which can include public Wi-Fi networks and business networks, to interact with the application and access all files on the Android device’s file system.
