MOBILE SECURITY BLOG

The Peel Smart Remote app is a widely used Google Play application (100M+ installs) that has often made the news because of its highly intrusive behaviors, such as full screen overlays and untimely advertising, causing poor user experience.

Last week, the Pradeo Security engine alerted its users about severe security issues discovered in the app’s 10.7.3.3 version. It has been found that the application collects and leaks users’ pictures to a server that does not belong to the app publisher. Last Friday, the application was updated on the Google Play store (now version 10.7.4.2), the leaky behavior has been removed from the code but yet no communication was made by the company on this matter. Because applications’ update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed.

Applications have won mobile, that’s no longer news. As most organizations leverage mobile apps to enhance their users’ online experience, the whole mobile ecosystem is evolving accordingly. Cybercriminals and greedy individuals see in applications a surface to make money out of. Governments see in this surface a big risk for data privacy. Users trust in companies’ capacity to keep their information safe.

Banks have digitalized their services to offer the best experience to their clients. As a result, it is now of current use to check accounts and transfer money from mobile banking applications, arousing the interest of hackers to exploit the wide mobile attack surface. Facing this new vector of threats, the Bank to which this use case refers decided to ensure the security of its mobile banking application by leveraging Pradeo Security Runtime Application Self-Protection (RASP) solution. 

While the World Cup is around the corner, football applications are becoming omnipresent. Among their features, you can check live scores, follow your team ranking, create an account linked to your social media etc. At first sight, nothing scary. But while investigating applications* connected to one of the most followed event in the world, Pradeo’s research team found out a worrying trend: most of them are highly intrusive and vulnerable. On top of the list, there is the Eurosport app which was downloaded more than 10 million times.

Mobile applications are the first media we use to access information from our smartphones and tablets. We easily trust them with sensitive data, but what do we know about their security levels? Organizations develop mobile applications at a fast pace to keep up with business needs and often leave aside security measures.