Google Play app "Peel Smart Remote" leaks users' pictures

Posted by The Pradeo Lab on June 07, 2019

Updated on June 7th: Following the announcement of these discoveries, the "Peel Smart Remote" mobile application was removed from Google Play.

 

The Peel Smart Remote app is a widely used Google Play application (100M+ installs) that has often made the news because of its highly intrusive behaviors, such as full screen overlays and untimely advertising, causing poor user experience.

Last week, the Pradeo Security engine alerted its users about severe security issues discovered in the app’s 10.7.3.3 version. It has been found that the application collects and leaks users’ pictures to a server that does not belong to the app publisher. Last Friday, the application was updated on the Google Play store (now version 10.7.4.2), the leaky behavior has been removed from the code but yet no communication was made by the company on this matter. Because applications’ update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed.

 

 

Read More

Mobile security: How to secure enterprise mobility

Posted by Luc Pinto-Capelle on May 27, 2019

The Unified Endpoint Management (UEM) model has known a steady growth in its popularity, taking further the management capacities of the Enterprise Mobility Management (EMM) by including not only the company’s mobile devices but also the laptops and desktops devices within the same solution. The UEM solution allows for increased efficiency, more cost-effectiveness and a better mobile security within an organization, this last point being further improvable through the adjunction of a mobile security solution such as a Mobile Threat Defense (MTD) solution.

 

Read More

Mobile application security: Hardening, Shielding, RASP…

Posted by Luc Pinto-Capelle on May 27, 2019

With the drastically increasing frequency of hacking attempts on mobile applications, on both iOS and Android, and the often devastating consequences they unleash, it is more crucial than ever to use mobile application security solutions. Hardening and shielding refer to a set of technologies designed to protect applications against piracy, exploits, breaches, tampering, as well as reverse-engineering and invasive monitoring, therefore securing intellectual property and ensuring compliance with the current data privacy regulations.

 

Read More

The alarming security state of airline mobile apps

Posted by The Pradeo Lab on May 23, 2019

Do you usually install your airline mobile app when traveling? You may think twice before using it for your next vacation.

Our latest study based on the security testing of global top 50 airline mobile applications shed the light on some alarming data privacy concerns. The audit was performed this week by Pradeo Security, an engine designed to reveal mobile apps’ behaviors (data processing) and vulnerabilities. Among the 50 mobile applications tested, had been included the most used ones globally, mainly from North America, Western Europe and Eastern Asia.

 

Read More

SMS OTP Authentication: Not As Safe As You May Think

Posted by Roxane Suau on May 21, 2019

Most online transactions require a two-step authentication, and the One-Time-Password (OTP) sent by SMS is often one of those two steps. The purpose of an OTP is to prevent fraud by confirming that the person making the transaction and the credit card owner are one and the same. To do so, a temporary code is automatically sent by SMS to the phone number associated with the bank account used.

 

Read More