Official Press Release here.
Pradeo’s new mobile threat intelligence services provide deep and accurate insights on mobile threats, offering companies visibility on the mobile environment, thus enabling effective counter-threat responses.
Enterprise mobility is remarkably enhancing productivity. Companies have seized this opportunity by enabling collaborators to work with mobile devices and applications, often out of companies’ premises. Accordingly, mobile data privacy has become a major focus for end-users and authorities in the last years. The area is now regulated by general or industry-specific laws that require organizations to protect their mobile environment through the deployment of dedicated solutions. These new usages and legal requirements are redefining cybersecurity, constraining security heads to rethink their strategy.
When Google and Apple remove malicious or leaky applications from their stores, people who have them on their smartphone are not notified of their dangerous behaviors. Therefore, millions of users keep them on their devices, exposing all the data they manipulate to identified threats.
Mobile services are increasingly being used for daily activities, for both personal and professional purposes, and being accessed from devices that cannot always be trusted. These usages imply billions of corporate data constantly transiting between information systems, applications and endpoints, widening existing perimeters.
Updated on June 7th: Following the announcement of these discoveries, the "Peel Smart Remote" mobile application was removed from Google Play.
The Peel Smart Remote app is a widely used Google Play application (100M+ installs) that has often made the news because of its highly intrusive behaviors, such as full screen overlays and untimely advertising, causing poor user experience.
Last week, the Pradeo Security engine alerted its users about severe security issues discovered in the app’s 10.7.3.3 version. It has been found that the application collects and leaks users’ pictures to a server that does not belong to the app publisher. Last Friday, the application was updated on the Google Play store (now version 10.7.4.2), the leaky behavior has been removed from the code but yet no communication was made by the company on this matter. Because applications’ update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed.