For a long time ES File Explorer was the de facto file manager for Android. Over time, however, it proved less trustworthy. A recent vulnerability reminds us why there are better decisions now.
As reported by Android Police, there is a new security hole in ES that exposes your files to everyone on the same network ̵
With more than 100,000,000 downloads, ES File Explorer is one of the best-known #Android file managers.
The surprise is that once you open the app at least once, anyone connected to the same local network can get a file from your phone. Https://t.co/Uv2ttQpUcN[19659004-ElliotAlderson(@fs0c131y) January 16, 2019
Obviously, ES port 59777 will open on your phone after launch so that everyone on the same network can access the file structure and beyond that. An attacker could use this open port to inject a JSON payload, then access and download all of your information.
The advantage is that the ES team knows about the problem and says that it has been fixed and an update is received:
We have fixed the problem with the http vulnerability and released it. Wait for the Google market to pass the review.
However, given ES's long history, this is just another opportunity to remind everyone that there are better options. If you insist on using ES, I would at least suggest getting rid of it until the update to fix this bug is available in the Play Store.
about Android Police