1. Hi @makemytrip 👋! Why are you retrieving user data without their consent?
Your #android app is making an http🤦♂️ request to metric.makemytrip.com with the following unencrypted 🤦♂️ data:
- email
- device name
- phone build version
- OS version
- network type
- ...
2. This is the nice tracker package you have here...
It seems they used to retrieve the Client_IP, Gender, Last_Name and more
4. In Europe, IP address is consider as a personal data. According to #GDPR you need to allow user to opt out from this data collection. You have until May to be compliant...
First thing first, we are talking about this app "Bolo Messenger - Secure Chat, Voice & Video Calls" which is the new version of the #Kimbho app play.google.com/store/apps/det…
When you send a message with the #Bolo app, it is checking if your contact is online with this request. The endpoint is taking the "contact userId" (the 1st black rectangle in the picture)
Time for a new thread. The #android#application called @moinsbete is one of the most downloaded applications in France. This app is sending without your consent your personal data to @mopub:
- location
- operator
- mcc
- mnc
- country
- screen size
Yes, all these requests to @mopub are HTTP requests... Welcome to 2018...
This is a very good example of data abuse. Every time you open the @moinsbete#android#app with location on, your location is send without your consent to an US based server owned by @mopub
The samples are available on @koodous_project and @virusbay_io
28c69801929f0472cef346880a295cdf4956023cd3d72a1b6e72238f5b033aca
679d6ad1dd6d1078300e24cf5dbd17efea1141b0a619ff08b6cc8ff94cfbb27e
990d278761f87274a427b348f09475f5da4f924aa80023bf8d2320d981fb3209