A few weeks ago, researchers at INRIA presented privacy leaks they had detected in the mobile RATP applications at GreHack conference (NB. RATP is the French organism that deals with subways and trains around Paris). I wanted to check how much things had changed since their study, and downloaded the most recent application from Google Play. First surprise: I downloaded version 2.3.3 whereas INRIA researchers mention version 2.8. I guess there is some versioning discrepancy. Now, what privacy changes have we got? Mainly, Achara et al reported... [Read More]
by RSS Axelle Apvrille  |  Dec 02, 2013  |  Filed in: Security Research
A few months ago, we reported Alligator helped us detect an unknown GPS-leaking adware no vendor had yet spotted: Adware/Geyser!Android. The number has now increased with the discovery of Riskware/Zdchical!Android and Riskware/SmsCred!Android. The former leaks the IMEI and IMSI to a remote server, the latter leaks login/password credentials in cleartext. While those samples are not of the most malignant form - they pose security threats but not with a clear malicious intent - we are happy to improve our surveillance techniques on Android marketplaces... [Read More]
by RSS Axelle Apvrille  |  Nov 14, 2013  |  Filed in: Security Research