Google Play App Downloaded by Millions Leaks Data & Geolocation

Posted by Roxane Suau on December 14, 2017

Yesterday, Pradeo’s behavioural analysis engine raised an alert about an application available on the Google Play store called “Dune!”. The app is a game that has been downloaded over 5 million times in the last few weeks and is now part of the “Top Apps” list on the Google Play store.

Read More

White Paper: The Path Towards a GDPR-Compliant Mobile Framework

Posted by Roxane Suau on November 28, 2017

The GDPR, General Data Protection Regulation, is a new European law that will be enforced in May 2018, and apply to any company that collects, manipulates and/or stores European residents’ personal data, regardless of their physical location. It relies on the fundamental right that every citizen has to protect his private life and data.

Read More

Mobile Application Security Testing, A Must Do

Posted by Roxane Suau on October 19, 2017

Every month, thousands of mobile applications are released and the amount of apps available on stores is currently estimated to be over 4 millions. In a recent study, the Ponemon institute identified that 60% of IT security leaders reported a data breach caused by an insecure mobile app, meanwhile only 29% of mobile applications are being tested for vulnerabilities.

Read More

The Hidden Face of Uber: Behaviors & Vulnerabilities

Posted by Roxane Suau on October 12, 2017

Lately in the news, we’ve read a lot about popular apps performing malicious and intrusive behaviors. The fact is that as users, we only see a tiny part of the actions performed by mobile apps, the rest of them being silently executed. Comparable to an iceberg, 90% of an app’s actions are hidden and consequently, hard to control.

Read More

SMS OTP Authentication: Not As Safe As You May Think

Posted by Nicolas Desnos on October 05, 2017

Most online transactions require a two-step authentication, and the One-Time-Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same. To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used.

Read More