The Pradeo Lab

Recent Posts

The Pradeo Lab identifies another app with Joker malware on Google Play

Posted by The Pradeo Lab on October 22, 2019

Update: The app “Int App Lock” has now been deleted from Google Play and added to global antiviral databases.


Joker is a malware that silently exfiltrates data and subscribes users to unwanted premium subscription. In September, the malware was found in 24 apps on Google Play. Last week, Pradeo researchers identified another infected application still featured on Google Play. The app called Int App Lock, a tool intended to lock access to some data with a PIN code, was installed on 10,000+ devices. Users are advised to immediately delete it from their device.

 

Read More

Report | How secure are the most widespread mobile applications?

Posted by The Pradeo Lab on August 26, 2019
 
This security report presents how secure mobile applications are, according to the industry they are part of. It delivers statistics showing that even in the most sensitive sectors, leaky applications are extremely common, at the expense of data privacy. The results it features to better understand the most widespread app threat and should help orientate security strategies accordingly.
Read More

FaceApp: What our security report shows

Posted by The Pradeo Lab on July 25, 2019

FaceApp is currently highly questioned in the press. A lot of articles and some American politicians relate that the Russian mobile application collects and exfiltrates its users’ personal data, without specifying which. Real threat or fake news? The FaceApp security analysis performed by the Pradeo Security engine clarifies things. Here is a part of it.

 



Read More

Google Play’s most downloaded shopping apps irresponsibly process users’ data

Posted by The Pradeo Lab on July 03, 2019

The largest online retailers in the world offer their products through mobile applications that are used by billions of customers. As a result, nowadays 82% of internet users shop online through their mobile device, according to a Statista report.

When a mobile application handles personal and financial data, it is required by data privacy laws, such as the General Data Protection Regulation (GDPR) and the Payment Service Directive 2 (PSD2), to embed security capabilities that’ll enforce privacy by design and prevent data breach.

The Pradeo Lab looked into Google Play’s 38 most downloaded shopping apps, shredding them with its app security testing tool. The results show they overly process personal data and handle them in a poorly secure manner.

 

 

Read More

Google Play app "Peel Smart Remote" leaks users' pictures

Posted by The Pradeo Lab on June 07, 2019

Updated on June 7th: Following the announcement of these discoveries, the "Peel Smart Remote" mobile application was removed from Google Play.

 

The Peel Smart Remote app is a widely used Google Play application (100M+ installs) that has often made the news because of its highly intrusive behaviors, such as full screen overlays and untimely advertising, causing poor user experience.

Last week, the Pradeo Security engine alerted its users about severe security issues discovered in the app’s 10.7.3.3 version. It has been found that the application collects and leaks users’ pictures to a server that does not belong to the app publisher. Last Friday, the application was updated on the Google Play store (now version 10.7.4.2), the leaky behavior has been removed from the code but yet no communication was made by the company on this matter. Because applications’ update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed.

 

 

Read More