Bundle Report

lyft v7.88.3

Bundle risk41medium

Binary-only · L1Analyzed 1d ago

v7.88.3build 7880030medium· 41

c8e7b4a3d2…f1a9

Platform: Android · APK
Bundle size: 131.8 MB
OS range: Android 8.0 (API 26) → Android 14 (API 34)
Architectures: arm64-v8a, armeabi-v7a
Permissions: 8

Store review readiness

Will flag at review

3 reviewer-flag items but no auto-rejection causes.

Safe to submit, but the reviewer may ask about the items above. Have answers ready and watch for review delays.

Blocking0

No pre-review rejection causes

None detected

Needs review3

Reviewer may ask

Cleartext traffic permitted for analytics subdomain
Exported activity without explicit permission
Vulnerable Bouncy Castle version· bouncycastle

OK3

What was checked and passed

Data Safety form covers SDK-collected data categories
Data Safety form covers third-party sharing
No version-confirmed CVEs against bundled SDKs

4 findings

Cleartext traffic permitted for analytics subdomainNetwork security · warning
network_security_config.xml allows http://analytics.lyft.com
Exported activity without explicit permissionExported component · warning
com.lyft.android.deeplink.RootDeepLinkActivity is android:exported="true"
Vulnerable Bouncy Castle versionSDK vulnerability · warning
1.70 detected; CVE-2024-30172 fixed in 1.78
component: bouncycastle
5 tracking SDKs detectedTracking SDK · info
Adjust, AppsFlyer, Branch, Segment, Firebase Analytics

Want PR-level context for this app?

Connect the GitHub repo for this app to upgrade to L3. You'll get per-PR Check Runs, source-aware risk factors, and root-cause attribution against this exact bundle.

Compare tiers