If you or anyone you know has the Peel Smart Remote app installed on any Android devices, now is the time to update it or uninstall it entirely, because it could be sending your personal pictures, information, and documents to an unknown server.
The Peel Smart Remote app has been installed more than 100 million times – and with some terrible recent customer reviews to boot.
However, last week security firm Pradeo Lab discovered that the Peel Smart Remote app was leaking users' pictures to a server that doesn't belong to the app developer, Peel Technologies.
The issues lie in the Peel Smart Remote app version 10.7.3.3. Although the app claims it merely enables your device to act as a smart remote for your TV, satellite box, streaming media players and home appliances, that particular version of the app asks for permissions that have very little to do with remote control functions.
The app asks for permissions including the device's camera, read and write permissions for contacts, read permissions for calendar, the ability to kill background processes and disable keyguard, and the ability to record audio - amongst a long list of other permissions.
“According to the official Android app developers' documentation, ‘External storage is the best place for files that don't require access restrictions and for files that you want to share with other apps or allow the user to access with a computer'. By writing anything on external storage, the Peel Smart Remote app highly exposes its users' data. By reading it, it accesses users' pictures, video, audio and any other files stored on it,” Pradeo Labs explains.
Pradeo Lab also found that the app also collects personal information like the user's age, ethnicity, income, and political orientations and sends them over the network.
Although the new version of Peel Smart Remote (10.7.4.2) has removed the leaky behaviour, Peel Technologies has remained silent about the issues.
Peel Smart Remote is also littered with advertisements, lock screen overlays, and popups. What's more, it still comes preinstalled on many tablets and smartphones.
Pradeo Lab recommends that people who use Peel Smart Remote should uninstall it or to update to the latest version to prevent pictures from being breached.
“Because applications' update is not automatic on all Android devices, millions of users running the former version of the app are still currently exposed,” Pradeo Labs states.
Pradeo Labs does not mention whether the vulnerabilities affect the iOS version of Peel Smart Remote.