VOX: FLAC Music Player with MP3 & Equalizer 2.1.4 (iOS / App Store)

175x175bb (1)

This application is available for iOS. This app is designed to be YouTube and media player. The latest build was released on Sep 22, 2016. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 11 items, where were 5 DAR items and 6 DIT items found. Among DAR items were found 0 worst items, 2 bad items, 2 good items, and 1 best item. Among DIT items were found 0 worst items, 6 bad items, 0 good items, and 0 best items.

Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

Listen to your favorite music for FREE!
VOX Free Music – the best way to search & listen to FREE MUSIC with playlist manager and perfect design.
Get access to the World of Music for Free. Discover new Trending music and Top Charts. Millions of songs, DJ sets, and live concerts.
Search any song and play it with no audio ads on your iPhone or iPad.
Features:

  • Thousands of songs perfectly categorized by genres for free.
  • Search for any music files, audio books​, podcasts and live concerts.
  • Enhanced EQ with BassBooster provides a premium sound quality.
  • Create and Manage your playlists.
  • One of the best Music Player design.

__________________
==========DISCLAIMER==========
This is NOT an official app from the various media services, and this is only an unofficial 3rd-party client that complies with YouTube’s terms of service. This app is NOT an affiliated nor related product of YouTube.
==============================
=====COPYRIGHT INFORMATION=====
All videos are provided by the public third-party media service YouTube. All trademarks and copyrights belong to their respective owners and are used>here

under the terms of Fair Use and the Digital Millennium Copyrights Act (DMCA).
Since VOX Free Music simply links to content on their service via their API, VOX Free Music does not have any direct control of their content. If there are any content that may infringe upon anyone’s copyrights.

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Media Information.
The average DAR value is 5.40 points (7.00 points of system protection and 3.80 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– Media URLs (‘Media Information’ Group) – URLs related to media info such as stream media or profile’s media, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– URLs (‘Media Information’ Group) – Different types of URLs referred to your files stored in clouds, profiles, social accounts, media files available online, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio

Items’ GROUP #2 with average value 7.00 points (7 points of system protection, 7 points of own protection) means data protection levels have following definitions. Frankly talking, compliance but there are publicly known techniques to access the data including forensics one where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – data stored in system protected place like keychain (no additional protection still).

– Media Stream (‘Media Information’ Group) – Any info like images, audios, videos, media notes, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio

Items’ GROUP #3 with average value 6.50 points (7 points of system protection, 6 points of own protection) means data protection levels have following definitions. Frankly talking, protection and privacy issues are still possible but might involve interaction with an app code where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – data is not available in backups.

– Screen Snapshots (‘Media Information’ Group) – Screenshots of your device screen running certain apps; common as an iOS app multitasking feature (app swipes) or browser tab swipes. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– Preview (‘Media Information’ Group) – Some pieces of info downloaded locally or to show only on display only like a preview of emails, social posts, documents, thumbnails, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio

Also, keep in mind, using jailbroken device means the system protection level is 0 points and you’re using out-of-date iOS < 8.3 the system protection level is 2 points. If some data marked as shareable via iTunes, then the system protection level is 4 points.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Media Information, Analytics ‘n’ Ads Information.
The average DIT value is 4.50 points (5.00 points of system protection and 4.00 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items with average value 4.50 points (5 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data available if it’s allowed only and may require user action where system protection level means – some techniques are available to developers to keep connection bypassing system settings, like proxy settings, etc., and own protection level means – bypassed by fake/stolen root certificates.

– Media URLs (‘Media Information’ Group) – URLs related to media info such as stream media or profile’s media, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– URLs (‘Media Information’ Group) – Different types of URLs referred to your files stored in clouds, profiles, social accounts, media files available online, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– Media Stream (‘Media Information’ Group) – Any info like images, audios, videos, media notes, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– Preview (‘Media Information’ Group) – Some pieces of info downloaded locally or to show only on display only like a preview of emails, social posts, documents, thumbnails, etc. This data item related to mentioned group meant to be any data like photo, image, video, audio,

– Device Details (‘Analytics ‘n’ Ads Information’ Group) – Includes basic device details plus hardware key and fingerprints as well as IMEI. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements,

– Tracked Data ‘n’ Favorites (‘Media Information’ Group) – Any favorites data or tracked data marked as desirable by users and for users (Means, user is on FB messenger, Viber, bank client or favourite hotel, room type, flight route, airline). This data item related to mentioned group meant to be any data like photo, image, video, audio

Keep in mind if you’re using out-of-date iOS < 9.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

Full application privacy policy is available here.

You may find privacy policy details proceeding the link above to compare developer’s vision on data protection with our results.