Threat advisory



PII Leak, Credentials Leak


iOS, Android



Skyscape is a US company that provides decision-support applications for Physicians, Nurses,Students and Healthcare Professionals. Wandera detected that both the iOS and Android apps of Medpresso, Inc healthcare app Skyscape are leaking the emails and passwords of users in clear text. 100,000 to 500,000 users are said to have downloaded the application, therefore thousands of accounts may have been compromised and had their credentials stolen.

Security Implications

Wandera tests on the latest Skyscape apps available on Play Store and iTunes, confirm that subscribers’ email addresses and passwords are transferred in clear text over unsecure connection, making them an easy target for attackers listening to the connection.

In order to set up an account, users provide their personal information, which could have catastrophic consequences if it falls into the wrong hands. This information could be misused by the attacker in case of a credential compromise.

Risk details

Wandera researchers have discovered data leaks occurring during the login and registration request processes in both the Android and iOS versions of the application. This results in the following sensitive PII being exposed:

Username, Password, First and Last name, E-mail, Phone Number, Password, Physical addresses, Places of employment, Profession/Speciality

Remediation & prevention

Both businesses and users should have an active mobile security service deployed to block data leaks among applications used. Users should avoid using the Skyscape mobile applications over public and potentially insecure WiFi hotspots in order to minimize the risk of traffic interception. The developers of the Skyscape apps are advised to utilize SSL/TLS in order to protect the transmission of personally identifiable user information, session tokens, or other sensitive data to a backend API or web service.

About the Skyscape app

The “Skyscape” app

Global impact:
Everyone using the mobile application

Action required:
Make sure the username and password are not displayed in open form in GET and POST requests. Utilize SSL/TLS while transferring sensitive or personal data

Android app › | iOS app ›