Travel apps could increase privacy risks, Kryptowire finds

Kryptowire researchers have identified popular iOS consumer app that pose high risk to user privacy and security

As the travel world opens up, and people start going on holidays and work trips, mobile travel apps open employees and their organisations up to cyber risks.

According to new research from the mobile security firm Kryptowire, apps frequently used by travellers, including the Disneyland app, Uber, the Southwest Airlines app, Waze and SpotHero are less safe than they appear to be. The company’s research team ran a risk assessment using its Mobile Security Testing (MAST) on commonly used travel apps to determine their threat scores.

  1. Disneyland - Threat Score: 85
  2. Uber - Request a Ride - Threat Score: 83.6
  3. Waze - Threat Score: 82.9
  4. Southwest Airlines - Threat Score: 82.2
  5. SpotHero - Threat Score: 80.1

The Disneyland app poses the largest privacy concern to users as it uses multiple resources including a device’s microphone, camera roll and contacts without checking for trusted environments, according to Kryptowire.

The app also has insufficient keychain protection, as the limits on when the data it stores within the keychain can be accessed are not particularly restrictive. The researchers also observed that the Disneyland app sends a device’s unique identifier across any network a smartphone with it installed is connected too.

Taking the correct security precautions whilst travelling 

With domestic travel spending expected to reach more than US$1.1tn for the year, surpassing pre-pandemic levels by about 11%, consumers are being warned to be diligent about safeguarding their mobile devices from applications that could leak or sell personal data. 

“While it’s exciting that more people will resume leisure and business travel this summer, we can’t be naive to the risks associated with modern travel, including mobile app usage. In our new ‘hybrid work’ environment, it’s not just personal devices coming along for the ride. The lines continue to blur between personal bring your own device (BYOD) and professional devices, and its crucial employers and employees are aware of the potential risks,” said Alex Lisle, Chief Technology Officer of Kryptowire.

Whilst travelling for leisure or businesses it is important to take the correct precautions to ensure your devices stay secure as possible. Setting up biometric security such as fingerprints or face ID, is a first line of defence. 

With coffee shops, hotels, airports and many other locations offering their customers free access to public Wi-Fi, it’s a convenient way to check your emails, or catch up on social media, but these can pose many cyber risks. If the network isn’t secure, and you log into an unencrypted site, other users on the network could be able to see what you see and send, and also steal personal data. 

By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals — that are lurking on the network — from intercepting your data.


Featured Articles

Why CISOs Remain Crucial in the Age of Rampant Ransomware

As ransomware attacks escalate, the CISO has emerged as an indispensable guardian for the cybersecurity of companies

Q&A: Protiviti's Sameer Ansari on CISOs' Growing Challenges

Managing Director - Global Cybersecurity and Privacy Lead at Protiviti, Sameer Ansari discusses his views on the growing challenges CISOs now face

How Partnerships Proved Pivotal for UnitedHealth After Hack

When hackers hit UnitedHealth subsidiary Change Healthcare with a huge cyber attack, its partnership with Vyne Dental proved pivotal in managing fallout.

Transforming Cybersecurity: IBM & Palo Alto's AI Integration

Technology & AI

C-suite Indifference to Cyber Could Cost Business £145k

Operational Security

Why Avast Warn of Social Engineering in Cybersecurity

Operational Security