Data sent to card io servers [closed]

Question

Closed. This question needs details or clarity. It is not currently accepting answers.

---

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 9 years ago.

Improve this question

It is my understanding that no card data is ever sent out, to any server. All processing is happening on the device. Is this the case?

I did notice (via Charles Proxy) that one request is made to the host api.card.io Are the card.io folks able to tell me what is being sent out?

Below is the request details:

CONNECT api.card.io:443 HTTP/1.1
Host: api.card.io
User-Agent: card.io/icc (3.6.5 [Apr.21.2014-30fe])
Connection: keep-alive
Proxy-Connection: keep-alive

≠©S[åVÜÃ∞È"≠/vΩœ§ãöΩœ–®ï∑Ñπ‹ÿ˜Jˇ¿$¿#¿
¿   ¿¿¿(¿'¿¿¿¿¿&¿%¿*¿)¿¿¿¿¿¿¿¿
=</5
gk396api.card.io


Nåÿú\–˚Ù≠}Îöª‘Vó¶∫ˆ'⁄î@»ŸÆ∆2ëfiÅÄË
Iè∏
˙
âB⁄B∫ø}CÈpE]ÜÂ9ÉΩ◊¨ƒ≠A¥48pO˛^ÿ†π ‹Ëñ5Á!fVeRêüŸ∂'¯Ÿˇj<©≈Ì[∏;.?m´ú°—Ë’,KπE_Íkˆt∑{ˇëgRºxDø^‰.Ù»§pm4Å_Ë‹UwѺy¸&-I∂é’œáfi:g≠“«óOπ«ù¸Á—•Ifi)ÉflWŒú¬ºº‰NC¢–sHÙ˙ÃÎqcÓÌ⁄∑o++ùOÂWD˚¸Å$á´|ë|90˙X)◊U≠›di9eí¡"yt°ÂÖ9hÊπ¬vu ys™∞ƒAÉ;Ê14óΩBÏv@sQ¬…T¿B˛ƒ\í°¢rÇ≥€≠c≥°]‚X0œ€’T]„ë"ñ,N@y¸H∫OSëAÇ⁄»df∑mLœÈ¥ÛW:˙1IQïÊ/اd˙fiNÑ=çqRz≥ö«X'4(:âX!fi<*Æ,}≈ËÎ{rÌ⁄ô∑µ+Åz'ÖsyÄ÷Xtjöf ÊËAJÿÜRÏÈ™ä’F|å!°Í›!kaå»—O˘˜9ÊϙÜ7ùxë5ËÒYËfipõ…—5XxÆòOÅÙÔÿc˘åZ‡˚W›ët∆ÌCê—mhy∞‘V>j-÷R8FÚd»¢ı≠_êx˙ÇSÏ≈Ù„"°Ë}‘∫m” “¡d@VêÖjöØÚºÓœø∑œ…~πMÂa5fiÙ:À6ò≠v“æ
®Òœõ”À ‰r¶¬£±#ú®˝q¬%^|b¡l: ÈÈ9KÊoç

Answer 1

card.io sends auth requests ("may this app scan cards?") and analytics data. None of that includes card data. I suspect you'll find that the wire data you captured is a binary plist.