Opera Coast web browser 5.04 (iOS / App Store)

175x175bb (59)

This application is available for iOS. This app is designed as fastest mobile browser with built-in ad-blocker and news built feature. The latest build was released on Dec 03, 2016. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 15 items, where were 6 DAR items and 9 DIT items found. Among DAR items were found 0 worst items, 3 bad items, 3 good items, and 0 best items. Among DIT items were found 0 worst items, 9 bad items, 0 good items, and 0 best items.

Below you find 2 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

Opera Coast is a completely new way to browse the web on iPhone and iPad. Download this easy-to-use browser and stay updated on exciting stories and news from your favorite sites. Opera Coast is beautiful, fast, secure and offers the smoothest browsing experience on iOS. Get it now. It’s free.
Opera Coast will amuse, inform and divert you. It’s the small moments that can make or break your day, and Opera Coast makes them enjoyable. Like when you need to pass some time at the bus stop, have ten minutes to kill in between meetings or are lounging on the couch on a lazy Sunday afternoon.
We believe there is more to the web than just a handful of favorite sites and the first page of search results. It’s an exciting place, full of surprises waiting to be discovered. Opera Coast brings that to you. It was made to entertain you, without getting in your way.
Here are some of the ways in which Opera Coast makes the web fun:

  • It gives you the smoothest browsing experience on iPhone and iPad. Websites look just as good as those apps you love, and you can navigate easily using simple gestures (including 3D Touch!).
  • Get instant news and entertainment from your favorite sources. As you add sites to your home screen, Opera Coast creates a feed just for you, with updated articles that load instantly.
  • Our search results aren’t a wall of text; they are visual, instead. This makes it easy for you to spot what you are looking for on Google and to access sites.
  • Make it your own. Match your style and personality. Choose from our selection of wallpapers, or use one of your own pictures.
  • We’ll keep you safe. If there is danger from a site, we’ll warn you; otherwise, we won’t bother you with technical details. Just enjoy the ride.
  • You can quickly share stuff from the web, and make it more personal by adding a message. Sharing is caring.
  • Browse smoothly even on slow networks, thanks to our Opera Turbo technology.
  • Juggling several iOS devices? You can sync your Opera Coast data over iCloud between your iPhone and your iPad.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Browser Information, Application Information, Analytics ‘n’ Ads Information.
The average DAR value is 5.00 points (7.00 points of system protection and 3.00 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– News (‘Browser Information’ Group) – Any news non-important data types like NY magazine’s news. This data item related to mentioned group meant to be any info browser stores (credentials, history, cached documents, media, etc.) and activities made via browser instead of native app,

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers,

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements

Items’ GROUP #2 with average value 6.50 points (7 points of system protection, 6 points of own protection) means data protection levels have following definitions. Frankly talking, protection and privacy issues are still possible but might involve interaction with an app code where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – data is not available in backups.

– Screen Snapshots (‘Browser Information’ Group) – Screenshots of your device screen running certain apps; common as an iOS app multitasking feature (app swipes) or browser tab swipes. This data item related to mentioned group meant to be any info browser stores (credentials, history, cached documents, media, etc.) and activities made via browser instead of native app,

– Environment (‘Analytics ‘n’ Ads Information’ Group) – Different info about the environment of the device including apps lists, device info, OS name and versions, updates, a list of users, network details, etc. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements,

– Locale ‘n’ TimeZone (‘Analytics ‘n’ Ads Information’ Group) – Details about your locale, languages, time zone, country and so on. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements

Also, keep in mind, using jailbroken device means the system protection level is 0 points and you’re using out-of-date iOS < 8.3 the system protection level is 2 points. If some data marked as shareable via iTunes, then the system protection level is 4 points.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Personal ‘n’ Private Information, Analytics ‘n’ Ads Information, Browser Information, Bookmark Information.
The average DIT value is 4.50 points (5.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items with average value 4.50 points (5 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data available if it’s allowed only and may require user action where system protection level means – some techniques are available to developers to keep connection bypassing system settings, like proxy settings, etc., and own protection level means – bypassed by fake/stolen root certificates.

– Personalization (‘Personal ‘n’ Private Information’ Group) – Info describes user preferences, favorites, tracked data, search requests, suggestions, etc. This data item related to mentioned group meant to be any personal and private info is not grabbed from the 3rd party social networks or your IDs,

– URLs (‘Personal ‘n’ Private Information’ Group) – Different types of URLs referred to your files stored in clouds, profiles, social accounts, media files available online, etc. This data item related to mentioned group meant to be any personal and private info is not grabbed from the 3rd party social networks or your IDs,

– Media URLs (‘Personal ‘n’ Private Information’ Group) – URLs related to media info such as stream media or profile’s media, etc. This data item related to mentioned group meant to be any personal and private info is not grabbed from the 3rd party social networks or your IDs,

– Address Data (‘Personal ‘n’ Private Information’ Group) – Home, work or another type of owner address stored by apps. This data item related to mentioned group meant to be any personal and private info is not grabbed from the 3rd party social networks or your IDs,

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements,

– Browser Content (‘Browser Information’ Group) – The content of pages opened in a browser with or without text, multimedia and so on, including credentials and passwords. This data item related to mentioned group meant to be any info browser stores (credentials, history, cached documents, media, etc.) and activities made via browser instead of native app,

– Tracked Data ‘n’ Favorites (‘Bookmark Information’ Group) – Any favorites data or tracked data marked as desirable by users and for users (Means, user is on FB messenger, Viber, bank client or favourite hotel, room type, flight route, airline). This data item related to mentioned group meant to be any information about bookmarks,

– Tracked Data ‘n’ Favorites (‘Personal ‘n’ Private Information’ Group) – Any favorites data or tracked data marked as desirable by users and for users (Means, user is on FB messenger, Viber, bank client or favourite hotel, room type, flight route, airline). This data item related to mentioned group meant to be any personal and private info is not grabbed from the 3rd party social networks or your IDs,

– News (‘Browser Information’ Group) – Any news non-important data types like NY magazine’s news. This data item related to mentioned group meant to be any info browser stores (credentials, history, cached documents, media, etc.) and activities made via browser instead of native app

Keep in mind if you’re using out-of-date iOS < 9.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

Full application privacy policy is available here.

You may find privacy policy details proceeding the link above to compare developer’s vision on data protection with our results.