Travel, Booking, & Ridesharing Apps
Malcore, by Internet 2.0, will publish analysis results on all popular travel and booking mobile apps. Malcore is an automated analysis tool to scan files and programs to detect malware & assess risk.
The Malcore team is releasing an individual blog post on each popular Travel, Booking and Ridesharing mobile application. These detailed posts pull together the results of Malcore’s analysis per application.
The Travel, Booking, and Ridesharing industry analysis project shows the relative Malcore risk score for each application. It is a comparative process in which the controls are the Malcore algorithm, the use of Android APKs only, and the same time of analysis for all applications. We hope this project gives users more transparency on the relative data harvesting practices, and relative risk scores, of all mobile applications.
The graph below is an updating chart that we will republish as our analysis results come in over the next few months.
For the graph, public information on active users and downloads per mobile application is inconsistent. We estimated placement using the download counts on the Google Play Store, bracketed by reported monthly active users. We would be happy to adjust this data if applications send us official numbers.
We must note that this analysis process is not a conclusive code review. It is a static analysis with automated code review using Malcore. A detailed manual source code review, combined with manually viewing app activity during dynamic analysis, is considered a conclusive method to assess risk. A manual code review tends to find a lot more information but costs significant time.
All Malcore research is self-funded, which means we are limited by time. By comparison, our TikTok technical analysis report at Internet 2.0 was far more detailed and conclusive on TikTok than these short blog posts.
The scores are listed here from lowest to highest as we publish the results per application.
ÖBB Tickets = 5.05 (This is presently the lowest score in the industry, with only 1 tracker and 2 high severity code warnings)
National Express = 11.7 (The second lowest score presently, National Express has 3 trackers and 4 high severity code warnings)
Booking.com = 20.15 (Booking.com has 6 trackers and 12 dangerous permissions)
Uber Eats = 27.4 (Uber Eats has only four trackers, and an average number of risky permissions, which accounts for the low score)
Google Maps = 28.15 (Google Maps has only one tracker, “Google firebase”, and a fair number of risky permissions)
Uber = 30.45 (Uber has five trackers, and a standard number of risk/permissions warnings)
FlixBus & FlixTrain = 30.45 (The same score as Uber, FlixBus & FlixTrain has 11 trackers, 3 high severity code warnings and 6 dangerous permissions)
Beam = 32.05 (Beam has nine trackers, and a standard number of risks/permissions warnings)
Neuron = 34.2 (Neuron has nine trackers, and a standard number of risks/permissions warnings)
Expedia = 36.25 (Expedia has ten trackers, and a slightly above average number of risk/permissions warnings)
Bolt = 36.9 (Bolt has 12 trackers, and a slightly above average number of risk/permissions warnings)
Didi = 50.0 (Didi has eight trackers, and a high number of risk/permissions warnings)
Glovo = 51.2 (Glovo has a record 17 trackers)
Grab = 54.4 (Highest score of industry, at present. Requests many suspicious permissions)
To see how these scores are created, visit our transparency post, where we published a description of our phone application threat scoring algorithm.