TaxiHail does not use encryption when communicating with the server.
TaxiHail can be customized for deployment by taxi companies, meaning that multiple apps available via the iOS and Google app stores may inherit this vulnerability. According to the reporter, "over 100" apps may derive from TaxiHail.
An unauthenticated remote attacker may be able to gain private knowledge of the app user, and sniff network traffic from the app.
Apply an update
Mobile Knowledge has addressed this issue in version 3.1.26 of the TaxiHail app for both Android and iOS. Apps making use of TaxiHail have also been regenerated.
An older version of TaxiHail was reported as not correctly validating SSL certificates. According to the reporter, this issue is fixed in the latest version of TaxiHail. It is currently unclear which version originally addressed this problem.
Affected users should update their apps as soon as possible to obtain the fix.