This statement only applies to Metrodroid distributed via the Google Play Store.

Use of your personal information

Metrodroid allows you to read many types of transit and payment cards.

Metrodroid itself does not centrally collect or share any information about how you use the software, or the contents of cards you scan.

In normal operation, Metrodroid will store a timestamped snapshot of the card’s content on your device:

Metrodroid does not communicate with the card’s issuer or third parties without your consent, and the card readers operate entirely offline unless otherwise noted below (Leap).

When Metrodroid is installed from Google Play, Google collects other technical and statistical data about Metrodroid’s operation from your device, and shares it in aggregate with Metrodroid’s developers. Metrodroid’s developers have no control over this. More details can be found in Google Play’s Data Access for Developers policy.

Leap

Background: Leap cards are fully locked MIFARE DESFire cards. No data is readable without using challenge-response authentication.

Crafting a response for a Leap card’s challenge-response authentication requires three things:

  1. a single-use challenge (pseudo-random data) from your Leap card
  2. your Leap card’s unique hardware identifiers
  3. a secret key known only to the card issuer - Transport for Ireland (TfI)

TfI operates a web service which can craft these responses, but requires transmitting both the challenge itself and your Leap card’s unique hardware identifiers. This information is encrypted in transit, and handled according to TfI’s privacy statement.

Due to the potentially-sensitive nature of this data, Metrodroid will only communicate with TfI’s web service with your consent.

Metrodroid does not “phone home” during this process – it will only communicate with TfI.

By default: Metrodroid will not attempt to unlock these cards, and they will be unreadable.

You can provide (or revoke) consent at any time in Metrodroid’s preferences: under Advanced Options, select Near Field Communication, then tick (or un-tick) Retrieve keys for Leap cards.

If you provide consent, and only when reading a Leap card, Metrodroid will:

  1. Automatically send the authentication challenge and your Leap card’s unique hardware identifiers to a web service operated by TfI, and fetch the challenge response.

  2. Use the challenge response to temporarily unlock the files on the card.

  3. Take a snapshot of the unlocked files, as normal.

If you revoke consent, you will only be able to read snapshots of Leap cards collected while consenting.
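
The consent-gated read flow described above, modelled as an added example; it is not Metrodroid's or TfI's code. HMAC-SHA256 stands in for the card's real authentication cipher, and the class names, the UID-derived card key and all sample values are constructed assumptions.

```python
import hashlib
import hmac
import os

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class IssuerService:
    """Constructed stand-in for the issuer's web service; only it holds the secret."""
    def __init__(self, secret):
        self._secret = secret
        self.requests = []  # everything that left the device: (uid, challenge)

    def craft_response(self, uid, challenge):
        self.requests.append((uid, challenge))
        # Assumption of this model: the per-card key is derived from the card's UID.
        return _mac(_mac(self._secret, uid), challenge)

class LockedCard:
    """Constructed stand-in for a fully locked card."""
    def __init__(self, uid, card_key, files):
        self.uid, self._key, self._files = uid, card_key, files
        self._challenge, self._unlocked = None, False

    def get_challenge(self):
        self._challenge, self._unlocked = os.urandom(16), False
        return self._challenge

    def authenticate(self, response):
        challenge, self._challenge = self._challenge, None  # challenge is single-use
        self._unlocked = challenge is not None and hmac.compare_digest(
            _mac(self._key, challenge), response)
        return self._unlocked

    def read_files(self):
        if not self._unlocked:
            raise PermissionError("card is locked")
        return dict(self._files)

def read_card(card, issuer, consent):
    """Return a snapshot of the card's files, or None if it could not be unlocked."""
    if not consent:
        return None  # default: no request is made and the card stays unreadable
    challenge = card.get_challenge()
    response = issuer.craft_response(card.uid, challenge)  # the only off-device step
    return card.read_files() if card.authenticate(response) else None

def make_demo():
    secret, uid = b"constructed-issuer-secret", bytes.fromhex("04a1b2c3d4e5f6")
    return LockedCard(uid, _mac(secret, uid), {"balance": b"\x00\x10"}), IssuerService(secret)
```

In this model the reader never holds the issuer's secret: it only relays the challenge and identifier out and the response back, and a response cannot be replayed against a later challenge.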

Permissions

Metrodroid requires some permissions to function correctly:

If in doubt, on Android 6.0 and later, you can selectively revoke permissions.
