Clever Taxi 2.2.24 (iOS / App Store)


This application is available for iOS. The latest build was released on May 01, 2017. Our latest check was performed on Mar 26th, 2017.

Findings Summary

Our examination revealed 32 items in total: 12 DAR items and 20 DIT items. Among the DAR items there were 0 worst items, 8 bad items, 2 good items, and 1 best item. Among the DIT items there were 0 worst items, 20 bad items, 0 good items, and 0 best items.

Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

 



Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

[EN]
Best taxi app for calling a taxi. We have the largest number of available taxi drivers. All our taxi drivers are rated and verified by other users.
Clever Taxi is available in more than 20 cities from Romania including: Bucharest, Cluj-Napoca, Timisoara, Oradea, Iasi, Constanta, Brasov.
Features:

  • All taxi companies in one place
  • Pay your taxi trip by card or SMS
  • Chat with your taxi driver
  • Track your taxi driver on the map
  • See the ratings of your taxi driver and rate him yourself

Awards:
1st Prize at Mobile Awards Romania 2015, Category Payment
Most innovating app – Bronze Prize, Mobilio 2013, Bucharest, Romania
Best taxi application – Second Prize, Mobile Awards Romania 2013, Bucharest, Romania
Advantages:
Safety – We only work with partners we trust and reliable drivers rated by other users
Free – Clever Taxi is a free app. You only need to pay the taxi trip.
Clever Taxi support line which is dedicated to our users. Contact us at any time at feedback@clevertaxi.com
—————————
[RO]
Clever Taxi is the first free taxi app in Romania, used by more than 500,000 Romanians.
Available in more than 20 cities in Romania.
Clever Taxi has completed more than 15 million orders through the app.
Awards won:
App Payment – First Prize, Mobifest 2015, Bucharest
Most innovating app – Bronze Prize, Mobilio 2013, Bucharest
Best taxi application – Second Prize, Mobile Awards Romania, Bucharest 2013
Features:

  • Your order reaches several companies at the same time
  • You can pay for the taxi ride by card or by SMS
  • Chat with the taxi driver
  • You can track the car in real time
  • You can choose the driver based on ratings

Advantages:
Safety – We carefully check each of our partners. The fares are the ones displayed, and you can rate your experience so that we can improve it.
Free – CleverTaxi is an app with no download cost. The taximeter starts from the moment you get into the car. There are no additional costs for ordering a taxi.
Dedicated support phone line available for CleverTaxi customers.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Media Information, Location ‘n’ Maps Information, Booking ‘n’ Purchases Information, Credentials Information, Account Information, Financial Information, Analytics ‘n’ Ads Information.
The average DAR value is 4.00 points (7.00 points of system protection and 1.00 points of own protection). This is higher than the typical value (3.5 points: 7 points of system protection and 0 points of own protection).

Item group #1 has an average value of 6.50 points (7 points of system protection, 6 points of own protection). At this level, protection and privacy issues are still possible but might involve interaction with the app's code. The system protection level means that root/jailbreak is required but is not possible without wiping device data; the own protection level means that the data is not available in backups.

– Screen Snapshots (‘Media Information’ Group) – Screenshots of your device screen running certain apps; common as an iOS app multitasking feature (app swipes) or browser tab swipes. This group covers any data such as photos, images, video and audio.

– Card Short Information (‘Financial Information’ Group) – Some info about the card holder, the card number (full or short) and expiration. This group covers any info that describes payment capabilities.

Item group #2 has an average value of 3.50 points (7 points of system protection, 0 points of own protection). At this level, extra data was found that shouldn't be accessed. The system protection level means that root/jailbreak is required but is not possible without wiping device data; the own protection level means that the data is stored as is.

– Address Data (‘Location ‘n’ Maps Information’ Group) – Home, work or another type of owner address stored by apps. This group covers any geodata from trackers, social networks, GPS, etc.

– GEO Data (‘Location ‘n’ Maps Information’ Group) – Any geo info stored as plain text that refers to places or tracked activity. This group covers any geodata from trackers, social networks, GPS, etc.

– Orders & Reservation History (‘Booking ‘n’ Purchases Information’ Group) – Basic info about orders and reservations, such as ID, date and time, payment amount, and place (depends on the app). This group covers any info related to your bookings and purchases, such as travel, app or other kinds of purchases.

– Orders & Reservation Details (‘Booking ‘n’ Purchases Information’ Group) – Full info about orders and reservations, such as ID, date and time, payment amount, flight routes, hotel or other order details, rules, and linked data. This group covers any info related to your bookings and purchases, such as travel, app or other kinds of purchases.

– Credentials (IDs) (‘Credentials Information’ Group) – Only account IDs, such as app or 3rd party user IDs, including emails, phone numbers, usernames, etc. (depends on the app). This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Credentials (Tokens) (‘Credentials Information’ Group) – Various tokens used to access your account, excluding passwords but including app or 3rd party tokens, secret keys, etc. (these usually give full access to your account). This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Account Data (‘Account Information’ Group) – Basic info about the account, such as name, a list of sub-accounts (e.g. financial or other) and some linked data such as a phone number. This group covers any info related to profiles: basic credential IDs such as email, username or phone number, plus further info depending on the application.

– Locale ‘n’ TimeZone (‘Account Information’ Group) – Details about your locale, languages, time zone, country and so on. This group covers any info related to profiles: basic credential IDs such as email, username or phone number, plus further info depending on the application.

– Environment (‘Analytics ‘n’ Ads Information’ Group) – Various info about the device environment, including app lists, device info, OS name and versions, updates, a list of users, network details, etc. This group covers any info related to analytics services such as Flurry, Google Analytics, etc., or advertisements.

Also keep in mind that on a jailbroken device the system protection level is 0 points, and if you're using an out-of-date iOS (< 8.3) the system protection level is 2 points. If some data is marked as shareable via iTunes, the system protection level is 4 points.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Analytics ‘n’ Ads Information, Device Information, Location ‘n’ Maps Information, Credentials Information, Social Information, Account Information, Payment ‘n’ Transaction Information, Financial Information.
The average DIT value is 4.50 points (5.00 points of system protection and 4.00 points of own protection). This is higher than the typical value (4 points: 4 points of system protection and 4 points of own protection).

Items with an average value of 4.50 points (5 points of system protection, 4 points of own protection) have the following protection level definitions. At this level, data is available only if access is allowed and may require user action. The system protection level means that some techniques are available to developers to keep the connection bypassing system settings, such as proxy settings; the own protection level means that protection is bypassed by fake/stolen root certificates.

– Environment (‘Analytics ‘n’ Ads Information’ Group) – Various info about the device environment, including app lists, device info, OS name and versions, updates, a list of users, network details, etc. This group covers any info related to analytics services such as Flurry, Google Analytics, etc., or advertisements.

– Locale ‘n’ TimeZone (‘Analytics ‘n’ Ads Information’ Group) – Details about your locale, languages, time zone, country and so on. This group covers any info related to analytics services such as Flurry, Google Analytics, etc., or advertisements.

– Device Data (‘Device Information’ Group) – Device ID, device name, device OS name and version, and jailbroken/root status. This group covers details about your device.

– GEO Data (‘Location ‘n’ Maps Information’ Group) – Any geo info stored as plain text that refers to places or tracked activity. This group covers any geodata from trackers, social networks, GPS, etc.

– Address Data (‘Device Information’ Group) – Home, work or another type of owner address stored by apps. This group covers details about your device.

– GEO Data (‘Credentials Information’ Group) – Any geo info stored as plain text that refers to places or tracked activity. This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Device Data (‘Credentials Information’ Group) – Device ID, device name, device OS name and version, and jailbroken/root status. This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Credentials (IDs) (‘Credentials Information’ Group) – Only account IDs, such as app or 3rd party user IDs, including emails, phone numbers, usernames, etc. (depends on the app). This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Credentials (Passwords) (‘Credentials Information’ Group) – Well-known passwords or PINs you use to access your account (usually worse than tokens because it gives full access to your account). This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Credentials (Tokens) (‘Credentials Information’ Group) – Various tokens used to access your account, excluding passwords but including app or 3rd party tokens, secret keys, etc. (these usually give full access to your account). This group covers any type of credentials, including basic (IDs only), passwords, tokens, etc.

– Credentials (Tokens) (‘Social Information’ Group) – Various tokens used to access your account, excluding passwords but including app or 3rd party tokens, secret keys, etc. (these usually give full access to your account). This group covers info obtained from 3rd party social networks.

– Credentials (IDs) (‘Social Information’ Group) – Only account IDs, such as app or 3rd party user IDs, including emails, phone numbers, usernames, etc. (depends on the app). This group covers info obtained from 3rd party social networks.

– Account Data (‘Social Information’ Group) – Basic info about the account, such as name, a list of sub-accounts (e.g. financial or other) and some linked data such as a phone number. This group covers info obtained from 3rd party social networks.

– Account Data (‘Account Information’ Group) – Basic info about the account, such as name, a list of sub-accounts (e.g. financial or other) and some linked data such as a phone number. This group covers any info related to profiles: basic credential IDs such as email, username or phone number, plus further info depending on the application.

– Credentials (Passwords) (‘Social Information’ Group) – Well-known passwords or PINs you use to access your account (usually worse than tokens because it gives full access to your account). This group covers info obtained from 3rd party social networks.

– Tracked Data ‘n’ Favorites (‘Location ‘n’ Maps Information’ Group) – Any favorites or tracked data marked as desirable by users and for users (for example, that the user is on FB Messenger, Viber or a bank client, or a favourite hotel, room type, flight route or airline). This group covers any geodata from trackers, social networks, GPS, etc.

– Card Full Information (‘Payment ‘n’ Transaction Information’ Group) – All details about the card, including short info, holder address, bank info and CVC, CVV, CVV2. This group covers details about transactions and the payment data involved in transaction records.

– Card Short Information (‘Financial Information’ Group) – Some info about the card holder, the card number (full or short) and expiration. This group covers any info that describes payment capabilities.

– Tracked Data ‘n’ Favorites (‘Financial Information’ Group) – Any favorites or tracked data marked as desirable by users and for users (for example, that the user is on FB Messenger, Viber or a bank client, or a favourite hotel, room type, flight route or airline). This group covers any info that describes payment capabilities.

– Card Short Information (‘Payment ‘n’ Transaction Information’ Group) – Some info about the card holder, the card number (full or short) and expiration. This group covers details about transactions and the payment data involved in transaction records.

Keep in mind that if you're using an out-of-date iOS (< 9.0), the system protection level equals 2 points instead of 4. This means your data can be stolen without any action on your part.

Privacy Policy

Full application privacy policy is available here.