On November 26, 2025, France’s governmental authority for cybersecurity (ANSSI) published a report titled “Mobile Phones: Threat Landscape Since 2015.”
The agency reviews a decade of attacks targeting mobile devices, analyzes the techniques used by cybercriminals, and provides concrete recommendations to reduce risk.
The ANSSI officially acknowledges that mobile devices have become a strategic and regularly exploited attack vector. For organizations, the report provides a clear roadmap to strengthen the protection of entire mobile fleets.
Mobile devices : a pervasive and underestimated threat
From the very first pages, The ANSSI highlights that mobile phones have evolved into complex systems combining multiple network interfaces, modern operating systems, and dense application ecosystems.
This combination significantly expands the attack surface and exposes users to a wide range of risks.
The agency provides risk-reduction measures for each attack vector. These recommendations apply to individuals but especially to organisations managing professional mobile fleets. A Mobile Threat Defense (MTD) solution like Pradeo’s addresses these requirements, and goes further by adding a layer of automatic detection and remediation.
ANSSI’s Recommendations: how Pradeo facilitates their implementation
1. Strengthen protection against phishing and malicious links
The report highlights the central role of social engineering in mobile attacks. The ANSSI emphasizes that simply opening a link received via text message, instant messaging, email, or even QR code can be enough to trigger the installation of a spyware or a malicious application, often in the form of an APK downloaded from outside the official store.
The ANSSI therefore recommends increased vigilance toward messages containing links, reminding that many mobile attacks stem from user interaction.
Pradeo Mobile Threat Defense directly addresses this recommendation by analysing every URL the device attempts to access, whether originating from an SMS, email, messaging app, or QR code. The solution automatically blocks pages identified as malicious, prevents the download of malicious files, and interrupts the attack chain at the very first click, even if the user is tricked into opening a fraudulent message.
2. Secure wireless networks and interfaces (Wi-Fi, Bluetooth, NFC, 2G)
The ANSSI outlines the risks associated with using untrusted networks:
-
Fake Wi-Fi access points can intercept, manipulate or redirect traffic.
-
Weaknesses in the 2G protocol allow malicious relay antennas to monitor a device.
-
Bluetooth and NFC, when left enabled in unsafe environments, expose users to proximity attacks.
The agency recommends limiting the use of these interfaces, avoiding public networks, and disabling wireless technologies when not needed.
Pradeo Mobile Threat Defense implements these recommendations by detecting rogue networks, preventing connections to compromised access points, and guiding remediation actions.
The solution also monitors the status of Wi-Fi, Bluetooth, and NFC, and flags any abnormal or context-inconsistent exposure.
3. Control sensitive permissions and application behaviors
The report stresses the misuse of critical permissions, a recurring theme in mobile attack campaigns. The ANSSI specifically highlights Accessibility, microphone, camera, and location permissions, often diverted to spy on the user, manipulate the interface, or perform actions on their behalf.
The agency advises strict control over application permissions and discourages installing overly permissive apps or those whose behaviour does not match their intended function.
Pradeo Mobile Threat Defense continuously analyses the permissions requested by each application and monitors their real behaviour. When an application requests a critical permission without functional justification or exhibits abnormal behaviour (abusive use of Accessibility, data exfiltration, screen overlay…), the device is automatically flagged as risky and the malicious application is blocked by the agent.
4. Avoid installations outside official stores
The ANSSI warns against sideloading, installing apps from untrusted sources. This vector is behind numerous malware campaigns, especially those distributing APKs retrieved through phishing.
The report recommends avoiding installations from unknown sources and notes that even legitimate apps may later download malicious code once installed.
Pradeo Mobile Threat Defense immediately detects any application installed from an unapproved or unknown source. The security team is alerted as soon as a suspicious APK appears on the device, and the solution can block or prevent its execution to avoid compromise.
5. Strengthen overall device posture (hardening and updates)
The ANSSI strongly recommends regularly installing security updates and enabling hardening mechanisms available on modern systems, such as Lockdown Mode on iOS or Advanced Protection Mode on Android 16+. These mechanisms reduce the attack surface and mitigate risks linked to unpatched vulnerabilities. The report reminds that many implants exploit outdated systems.
Pradeo Mobile Threat Defense continuously checks device compliance: OS version, security patch level, absence of developer or debugging mode, and detection of jailbroken or rooted devices. A device that is outdated or insufficiently secured can be automatically marked as non-compliant and subjected to access restrictions.
Why a Mobile Threat Defense solution Is now essential
The ANSSI report highlights a key takeaway: mobile attacks now combine multiple vectors (phishing links, malicious applications, sensitive permissions, configuration weaknesses…) that neither an antivirus nor a mobile management solution (MDM/UEM) can address alone.
An antivirus primarily analyzes files, whereas modern mobile attacks rely on a multi-vector approach. An MDM/UEM configures, administers, and controls the usage of devices, but cannot detect malicious behaviors or permission abuse.
This is exactly where Pradeo Mobile Threat Defense adds value. By providing continuous detection, behavioral analysis, and automated remediation, the solution complements the MDM/UEM.
Both are now indispensable and, together, enable organizations to implement the ANSSI’s recommendations reliably, automatically, and at scale.
To learn more, read the full ANSSI report: Mobile Phones : Threat landscape since 2025
