This application is available for iOS here. This app was designed to access your gmail account to exchange emails with your friends, colleagues, etc. The latest build was released on Jan 21, 2016.

Let's cite the description of this application below:

Get the official Gmail app for your iPhone or iPad. The newly redesigned app brings the best of Gmail with real-time notifications, multiple account support and search across your entire inbox. With the Gmail app, you can: - Switch between up to 5 accounts - Get notified of new mail fast, with notification center, badge and lock screen options - Search through all your mail quickly - now with predictions as you type - See profile pictures as part of the conversation - Read your mail with threaded conversations - Auto-complete contact names as you type from your Google contacts or your phone - Respond to Google Calendar invites right from the app - Read and respond to interactive Google+ posts right from the app - Organize your mail by archiving, labeling, starring, deleting and reporting spam - Send and receive attachments - Customize emails with custom scribbles

Findings Summary.

Our examination revealed total 18 items, where were 8 DAR items and 10 DIT items found. Among DAR items were found 0 worst items, 5 bad items, 3 good items, and 0 best items. Among DIT items were found 0 worst items, 10 bad items, 0 good items, and 0 best items. Below you find 2 infographics summarizing what we described above. Each image provide information about both DAR and DIT items.

Now let's go deeper and examine each data item's protection level.

Protection levels.

Locally stored data (Data-at-Rest, DAR). Locally stored data groups include Media Information, Address Book 'n' Contact Information, Account Information, Credentials Information, Message Information. The average DAR value is 4.63 points (7.00 points of system protection and 2.25 points of own protection). It is higher than a typical value (3.5 points, where's 7 points of system protection and 0 points of own protection).

Items' GROUP #1 with average value 6.50 points (7 points of system protection, 6 points of own protection) means data protection levels have following definitions. Frankly talking, protection and privacy issues are possible where system protection level means - root/jailbreak is required but not possible without wiping device data, and own protection level means - data is not available in backups. - Screen Snapshots ('Media Information' Group) - Screenshots of your device screen running certain apps (by default available for iOS device but happens for any 3rd party apps that have such features). This data item related to mentioned group meant to be lot of data like photo, image, video, audio, - Messages ('Message Information' Group) - Different types of messages, conversations except SMS, MMS but incl. recipient & sender IDs and attachments. This data item related to mentioned group meant to be all type of message, incl. SMS, MMS, social & IM messages with or without attachments, - Media URLs ('Message Information' Group) - URLs related to media info such as stream media or profile's media, etc. This data item related to mentioned group meant to be all type of message, incl. SMS, MMS, social & IM messages with or without attachments

Items' GROUP #2 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn't be accessed where system protection level means - root/jailbreak is required but not possible without wiping device data, and own protection level means - stored as is. - Contact Short Profile ('Address Book 'n' Contact Information' Group) - Name, Email ID, Phone number of contacts. This data item related to mentioned group meant to be info stored locally, cached or transferred over the network and belong to this application if it's social even, - Account Data ('Account Information' Group) - Basic info about account like name, list of sub-account (e.g. financial or other) and some linked data like a phone number. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications, - Media URLs ('Account Information' Group) - URLs related to media info such as stream media or profile's media, etc. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications, - Credentials (IDs) ('Credentials Information' Group) - Only account IDs like app or 3rd party user IDs incl. emails, phone number, usernames and etc. (depends on apps). This data item related to mentioned group meant to be any types of credentials incl. basic (ids only), passwords, tokens, etc., - Account Settings 'n' Configs ('Account Information' Group) - Information about your account settings and configurations. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications

Also, keep in mind, using jailbroken device means the system protection level is 0 points and you're using out-of-dated iOS < 8.3 the system protection level is 2 points. If some data marked as shareable via iTunes, then the system protection level is 4 points.

Transferred data (Data-in-Transit, DIT). Transferred data groups include Credentials Information, Account Information, Message Information. The average DIT value is 4.00 points (4.00 points of system protection and 4.00 points of own protection). It equals to a typical value (4 points, where's 4 points of system protection and 4 points of own protection).

Items with average value 4.00 points (4 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data available if it's allowed only and may require user action where system protection level means - informs if fake certificate imported into a device, and own protection level means - bypassed by fake/stolen root certificates.

- Credentials (IDs) ('Credentials Information' Group) - Only account IDs like app or 3rd party user IDs incl. emails, phone number, usernames and etc. (depends on apps). This data item related to mentioned group meant to be any types of credentials incl. basic (ids only), passwords, tokens, etc., - Credentials (Passwords) ('Credentials Information' Group) - Well known passwords or PINs you're using to get an access to your account (usually worse than tokens because gives a full access to your account). This data item related to mentioned group meant to be any types of credentials incl. basic (ids only), passwords, tokens, etc., - Credentials (Tokens) ('Credentials Information' Group) - Different tokens used to get an access to your account except passwords but incl. app or 3rd party tokens, secret keys and etc. (usually give a full access to your account). This data item related to mentioned group meant to be any types of credentials incl. basic (ids only), passwords, tokens, etc., - Credentials (Activation IDs) ('Credentials Information' Group) - Two-factor activation code received in messages. This data item related to mentioned group meant to be any types of credentials incl. basic (ids only), passwords, tokens, etc., - Media Data ('Account Information' Group) - Any kind of info like images, audios, videos, media notes, etc. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications, - Media Data ('Message Information' Group) - Any kind of info like images, audios, videos, media notes, etc. This data item related to mentioned group meant to be all type of message, incl. SMS, MMS, social & IM messages with or without attachments, - Account Data ('Account Information' Group) - Basic info about account like name, list of sub-account (e.g. financial or other) and some linked data like a phone number. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications, - Media URLs ('Account Information' Group) - URLs related to media info such as stream media or profile's media, etc. This data item related to mentioned group meant to be any info related to profiles, basic credential ids like email or username or phone number plus some more info depends on applications, - Messages ('Message Information' Group) - Different types of messages, conversations except SMS, MMS but incl. recipient & sender IDs and attachments. This data item related to mentioned group meant to be all type of message, incl. SMS, MMS, social & IM messages with or without attachments, - Contact Short Profile ('Message Information' Group) - Name, Email ID, Phone number of contacts. This data item related to mentioned group meant to be all type of message, incl. SMS, MMS, social & IM messages with or without attachments

Keep in mind if you're using out-of-dated iOS < 9.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy Full application privacy policy is available here. You may find privacy policy details proceeding the link above to compare developer's vision on data protection with our results.

Thanks for staying with us, your Privacymeter Team!

#AppStore #badapp #badprotected #iOS #appdata #leakage #EnvApp #Gmail