Gett (GetTaxi) - The Taxi App 7.3.14 (Android / Google Play) on June 18, 2016
- privacymeteronline
- Jun 18, 2016

We noticed this app was recently updated; no changes were found. Our findings are still up to date.
One more application we're going to examine today. This application is available for Android here. This app lets you order a taxi faster and cheaper than other offerings from taxi agencies. The latest build was released on June 15, 2016. Let's cite the description of this application below:
-------------------------------------------
$10 rides anywhere in Manhattan for up to 30 minutes and 4 miles. Never pay surge. Never pay more than your quote.
Gett a taxi, black car or SUV in 60 cities including New York, London, Moscow, and Tel Aviv.
Book a ride with a single tap:
- Ride anywhere in Manhattan for $10 for up to 30 minutes and 4 miles.
- Enjoy firm quotes rates and never pay surge again
- Order a black car to your door in minutes
- Invite friends and earn free rides every time they use your code
> App Store Editors’ Choice
> Winner of Time Out magazine – Best App of the Year
> Forbes named us “one of the top 15 explosively growing companies”
> #1 app globally for business accounts and corporate rides
-------------------------------------------
Protection levels.
Locally stored data (Data-at-Rest, DAR). Locally stored data groups include Credentials Information, Log Information, Analytics 'n' Ads Information, Location 'n' Maps Information, Account Information, Loyalty Information. The average DAR value is 3,50 points (7,00 points of system protection and 0,00 points of own protection). This equals a typical value (3.5 points, with 7 points of system protection and 0 points of own protection).
The full list of data items found in this app, with protection levels and short descriptions, is below:
Items with an average value of 3,50 points (7 points of system protection, 0 points of own protection) have the following protection-level definitions. Frankly speaking, extra data was found that shouldn't be accessed, where the system protection case is 'root/jailbreak is required but not possible without wiping device data' and the own protection case is 'stored as is'.
- Credentials (Tokens) ('Credentials Information' Group) - Different tokens used to get access to your account, excluding passwords but incl. app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This item belongs to the mentioned group, which covers any types of credentials incl. basic (IDs only), passwords, tokens, etc.
- Log Data ('Log Information' Group) - Any data logged as a single file or in multiple parts. This item belongs to the mentioned group, which covers any information stored in local or network logs.
- Device Details ('Analytics 'n' Ads Information' Group) - Includes basic device details plus hardware key and fingerprints as well as IMEI. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- GEO Data ('Location 'n' Maps Information' Group) - Any kind of geo info stored as plain text that refers to places or tracked activity. This item belongs to the mentioned group, which covers any type of geo data from trackers, social networks, GPS, etc.
- Credentials (IDs) ('Credentials Information' Group) - Only account IDs like app or 3rd party user IDs incl. emails, phone number, usernames, etc. (depends on apps). This item belongs to the mentioned group, which covers any types of credentials incl. basic (IDs only), passwords, tokens, etc.
- Application Configs ('Analytics 'n' Ads Information' Group) - Different configuration files created by your app, perhaps app permissions. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Credentials (Tokens) ('Analytics 'n' Ads Information' Group) - Different tokens used to get access to your account, excluding passwords but incl. app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Account Data ('Account Information' Group) - Basic info about the account like name, list of subaccounts (e.g. financial or other) and some linked data like a phone number. This item belongs to the mentioned group, which covers any info related to profiles, basic credential IDs like email, username or phone number, plus some more info depending on the application.
- Account Data ('Loyalty Information' Group) - Basic info about the account like name, list of subaccounts (e.g. financial or other) and some linked data like a phone number. This item belongs to the mentioned group, which covers any information related to known reward programs like membership, current rewards, etc.
- Owner Profile ('Analytics 'n' Ads Information' Group) - Profile of the device owner, including name, basic credential IDs, linked profile photo. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Environment ('Analytics 'n' Ads Information' Group) - Different info about the environment of your device incl. app lists, device info, OS name and versions, updates, list of users, network details, etc. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
Transferred data (Data-in-Transit, DIT). Transferred data groups include Analytics 'n' Ads Information, Credentials Information, Device Information, Financial Information, Application Information, Location 'n' Maps Information, Payment 'n' Transaction Information, Booking 'n' Purchases Information, Loyalty Information. The average DIT value is 4,00 points (4,00 points of system protection and 4,00 points of own protection). This equals a typical value (4 points, with 4 points of system protection and 4 points of own protection).
The full list of data items found in this app, with protection levels and short descriptions, is below:
Items with an average value of 4,00 points (4 points of system protection, 4 points of own protection) have the following protection-level definitions. Frankly speaking, the data is available only if it's allowed and may require user action, where the system protection case is 'informs if a fake certificate is imported into the device' and the own protection case is 'bypassed by fake root certificates (doesn't check certificate path)'.
- Device Details ('Analytics 'n' Ads Information' Group) - Includes basic device details plus hardware key and fingerprints as well as IMEI. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Environment ('Analytics 'n' Ads Information' Group) - Different info about the environment of your device incl. app lists, device info, OS name and versions, updates, list of users, network details, etc. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Application Configs ('Analytics 'n' Ads Information' Group) - Different configuration files created by your app, perhaps app permissions. This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Credentials (IDs) ('Credentials Information' Group) - Only account IDs like app or 3rd party user IDs incl. emails, phone number, usernames, etc. (depends on apps). This item belongs to the mentioned group, which covers any types of credentials incl. basic (IDs only), passwords, tokens, etc.
- Credentials (Activation IDs) ('Credentials Information' Group) - Two-factor activation code received in messages. This item belongs to the mentioned group, which covers any types of credentials incl. basic (IDs only), passwords, tokens, etc.
- Credentials (Tokens) ('Credentials Information' Group) - Different tokens used to get access to your account, excluding passwords but incl. app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This item belongs to the mentioned group, which covers any types of credentials incl. basic (IDs only), passwords, tokens, etc.
- Device Data ('Device Information' Group) - Owner Device ID, Owner Device Name, Owner Device OS Name and Version. This item belongs to the mentioned group, which covers details about your device.
- Card Short Information ('Financial Information' Group) - Some info about the card holder, card number (full or short) and expiration. This item belongs to the mentioned group, which covers any kind of info that describes payment capabilities.
- Application Configs ('Application Information' Group) - Different configuration files created by your app, perhaps app permissions. This item belongs to the mentioned group, which covers any kind of info related to the app and app settings, incl. installed apps or installers.
- GEO Data ('Location 'n' Maps Information' Group) - Any kind of geo info stored as plain text that refers to places or tracked activity. This item belongs to the mentioned group, which covers any type of geo data from trackers, social networks, GPS, etc.
- Address Data ('Location 'n' Maps Information' Group) - Home, work or another type of owner address stored by apps. This item belongs to the mentioned group, which covers any type of geo data from trackers, social networks, GPS, etc.
- Card Full Information ('Financial Information' Group) - All details about the card, including short info, holder address, bank info and CVC, CVV, CVV2. This item belongs to the mentioned group, which covers any kind of info that describes payment capabilities.
- Transaction Details ('Payment 'n' Transaction Information' Group) - Details of transactions that were made, like ID, date and time, amount of payment, recipient, notes, payment types, linked data, etc. This item belongs to the mentioned group, which covers details about transactions and payment data involved in transaction records.
- Transaction History ('Payment 'n' Transaction Information' Group) - Some info about transactions that were made, like ID, date and time, and amount of payment. This item belongs to the mentioned group, which covers details about transactions and payment data involved in transaction records.
- Orders & Reservation Details ('Booking 'n' Purchases Information' Group) - Some info about orders and reservations, like ID, date and time, amount of payment, flight routes, hotel or other order details, rules, linked data. This item belongs to the mentioned group, whose definition is not assigned yet.
- Orders & Reservation History ('Booking 'n' Purchases Information' Group) - Some info about orders and reservations, like ID, date and time, amount of payment, and place (depends on apps). This item belongs to the mentioned group, whose definition is not assigned yet.
- Credentials (Tokens) ('Analytics 'n' Ads Information' Group) - Different tokens used to get access to your account, excluding passwords but incl. app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This item belongs to the mentioned group, which covers any kind of info related to analytics services like Flurry, Google Analytics, etc. or advertisements.
- Account Data ('Loyalty Information' Group) - Basic info about the account like name, list of subaccounts (e.g. financial or other) and some linked data like a phone number. This item belongs to the mentioned group, which covers any information related to known reward programs like membership, current rewards, etc.
Keep in mind that if you're using an outdated Android version (< 5.0), the system level equals 2 points instead of 4. It means your data can be stolen without any action on your part.
Below you will find two infographics summarizing what we described above.
The first picture shows the data items combined into groups and the best-protected items found.

The second picture shows the data items separately from their groups and the worst-protected items found.

Privacy Policy
The full application privacy policy is available here.
1. Information We Collect
1.1 Personally Identifiable Information (“PII”)
During the registration process, we directly collect certain information from you, including your name, a functioning email address where you can be reached, a password of your selection, and a method of payment. Some of this information is PII. We may not, and do not, require a User to disclose more information than is reasonably necessary to access and use Our Site and App. We may engage third parties to collect PII from Users. The types of information that may be collected and stored at that time include the payer’s full name, e-mail address, credit card billing information including mailing address, and such other information as may be requested from time to time. That information is safeguarded with appropriate security and it will not be used for other purposes.
Well, we didn't find more information than there might be. However, users should understand that any kind of activity may produce a lot of data items. For example, if you're paying for something, your application will usually keep the history and transaction details. The same goes for linking payment cards: there is a probability that you may find the history of your card being transferred over the internet or stored locally.
1.3 Cookies
We use “cookies” to save user name, password and language selection for future log-ins to the Site and App, to better understand how Users interact with the Site and App, and to monitor web traffic routing on, and aggregate usage of, the Site and App. Cookies are small text files that a website can use to recognize repeat users, to facilitate the user’s ongoing access to and use of the website, and to compile aggregate data to improve the website. Cookies work as follows: we will send a cookie to a User’s browser that uniquely associates that User’s computer with information stored at the Site and App. That User’s browser places the cookie in its cookies file. When that User next accesses the Site or App, the Site or App recognizes the cookie, makes available the stored information (such as user names, password and language selection), and may add new information based on the present visit.
Even though 'cookies' is a term usually used to describe activity between a server and your web browser, we can redefine it for mobile apps as 'tokens'. And yes, this information was found on the device and in the traffic.
1.4 Communications
We collect, store and may review records of communications that Users send to the Site or via the App. When a User sends email or other communications to us, regardless of whether or not the communication contains PII, we may retain those communications in order to process that User’s inquiries, respond to requests, and improve Our services.
It's not possible to verify this because we don't perform security audits of any developers' servers, so we just agree that it may happen; not many developers say so, tending instead to say 'we don't store anything, no worries'.
3. Security and How We Safeguard Information We Collect
The security of Users’ information is important to us. We have put in place appropriate security systems designed to prevent unauthorized access to, disclosure and use of information Users provide to us. These systems are structured to deter and prevent hackers and others from accessing this information. Due to the nature of Internet communications and evolving technologies, however, we cannot provide, and expressly disclaim, any assurance that the information provided to us will remain free from loss, misuse, or alteration by third parties who, despite Our efforts, obtain unauthorized access.
That's the paragraph we look at every time to see how much effort developers put into protecting customer data. They confirm they can't provide protection; the application has an average protection level, and it's not even a good level, just the average over all the applications we have examined before.