Our last travel application for this week. The week after next week we will upload our results recently examined but for Android only. Many of you are familiar for sure with Boingo WiFi and this app helps to find hotspots. Quote from the application market's page:

----------------------- Access to Boingo Hotspots with a Boingo Account ----------------------- • Connect to thousands of Wi-FI hotspots around the world, including airports, hotels, coffee shops, stadiums, malls, and now in-flight! • Get online in one click with Boingo Wi-Finder. • Use with Boingo subscription (Unlimited, Mobile, Global, Amex Preferred Plan), Boingo transactional plan (AsYouGo or Hourly) or buy an iOS subscription in app. ----------------------- Sign Up For Boingo In The App for Only $9.99 Per Month ----------------------- • Unlimited Wi-Fi on all of your iOS devices for is just a few taps away, without leaving the app! • Select the “Sign Up” option in the Wi-Finder app and we’ll walk you through purchasing a “Boingo iOS Monthly” recurring subscription from the iTunes store. Please note: An Internet connection is required to buy a Boingo iOS subscription. • Note: Your Boingo account is an automatically recurring subscription. You may cancel your subscription any time in your iTunes Account Settings. ----------------------- Auto-Login For Subscribers ----------------------- • Simplify your connection experience with Wi-Finder’s new auto-login feature. • Select “Enable Auto-Login” in the app’s Settings screen, and it will automatically log you in at supported Boingo hotspots. Sit back and enjoy a seamless Wi-Fi experience. ----------------------- Boingo-Enabled Network Tag ----------------------- • Discover exactly which Wi-Fi networks near you are Boingo hotspots! • Boingo partner networks will include “Use Boingo Wi-Fi here!” as part of the network description in Settings to make it easier than ever to find Boingo hotspots. ----------------------- Wi-Fi Hotspot Maps ----------------------- • Search for Wi-Fi hotspots near you or around the globe. • Highly recommended: Connect to certified hotspots when available – these locations consistently provide great Wi-Fi experiences. ----------------------- Getting Connected ----------------------- • Select a network from the list, launch the Wi-Finder app, and click "Connect Now!" • Log in to your Boingo account to connect at Boingo Wi-Fi hotspots. Don’t have an account? We offer plans for iPhone, iPad and iPod Touch. Simply visit our website to sign up.

This app is designed to look hotposts and show them on map with distance to them and places where they are. It also asks for you credentials to provide auto-connect option. Frankly talking that's all features from feature list.

Average values are typical: DAR protection is 3 points (6 points per system and 0 points per own protection). DIT protection is 4 points (4 points per system and 4 points per own protection). Application has data combined into following groups: Credentials and Personal Information, Location and Media Information, Analytics & Ads and Log Information. No one groups is good protected, unfortunately.

First pic includes info about data items combined into groups and best protected items found.

Second pic includes info about data items separately from group and worst protected items found

Locally stored data (DAR). Mainly all data items were found as part of log information. Here we have geo data, environment, credentials ID and application config information. Some data stored as part of location data separately from logs - geo data and address data (since app showed you a list of hotspots to connect it shows its address info too). Your personal requests (personalization) stored as part of personal info only and weren't found as part of other groups (usually personal requests sends to ads & analytics servers). However, ads & analytics groups have stored the device and tokens information. Additionally, screenshots of application windows at the moment when you switched between two apps is saved locally too. So these data are good protected because your data can be extracted from backups according to wide available tools. If you have jailbroken iOS device it means no protection at all (0 points). Also, keep in mind there're lot of non-public solutions how to get your data. Warning, if your iOS < 8.3 this data can be accessed without jailbreak even. Since 8.3 this vulnerability was fixed, however it wasn't officially vulnerability almost 4 or 5 years.

Transferred data (DIT). Obviously, the data transferred over internet should be similar to locally stored. So, we have here address data, geo data, personalization and user credentials in its typical groups. Warning, it has not beet detected that data from 'analytics' or log groups were sent over internet but it is possible case.

Good news -no bad protected items, bad news - no best protected items.

Keep in mind, that the latest app version and build was examined on the last iOS and if you use older iOS version < 9 you might have found that app doesn't secure enough and data might be accessed without actions from you side (= the average level for transferred data would be equal 2). Also, older iOS versions < 8.3 don't provide enough protection for app data locally stored to allow access app data (except system like keychain) without jailbreak access. And, even good but template-based MITM protection could be patched too.

#AppStore #iOS #appdata #leakage #privacymeteronline #privacymeter #BoingoWiFinder