Beware of Airdroid - over 20 million users exposed to security risks
Zimperium's findings highlight how malicious parties can exploit the app's built-in functionalities and use them against users on the same network. Airdroid uses the same encrypted HTTP request to authorize the device and send usage statistics. The key to this encryption is hardcoded into the application, which means that everyone using it has the exact same key. With this key, attackers can intercept the authentication request and gain access to private account information, such as the e-mail address and password associated with the Airdroid account. Moreover, the hackers can also use a similar method to inject any malicious APK by prompting the app to notify the user of a required software update.
It is very unfortunate to see a developer putting profits before people and not focusing on security. While we all hope to see these issues fixed in the next update, it is advisable to stop or at least limit the use of this app until something is done to correct this.
source: Zimperium via Android Police
Things that are NOT allowed: