Travel apps could increase privacy risks, Kryptowire finds

Kryptowire researchers have identified popular iOS consumer app that pose high risk to user privacy and security

As the travel world opens up, and people start going on holidays and work trips, mobile travel apps open employees and their organisations up to cyber risks.

According to new research from the mobile security firm Kryptowire, apps frequently used by travellers, including the Disneyland app, Uber, the Southwest Airlines app, Waze and SpotHero are less safe than they appear to be. The company’s research team ran a risk assessment using its Mobile Security Testing (MAST) on commonly used travel apps to determine their threat scores.

  1. Disneyland - Threat Score: 85
  2. Uber - Request a Ride - Threat Score: 83.6
  3. Waze - Threat Score: 82.9
  4. Southwest Airlines - Threat Score: 82.2
  5. SpotHero - Threat Score: 80.1

The Disneyland app poses the largest privacy concern to users as it uses multiple resources including a device’s microphone, camera roll and contacts without checking for trusted environments, according to Kryptowire.

The app also has insufficient keychain protection, as the limits on when the data it stores within the keychain can be accessed are not particularly restrictive. The researchers also observed that the Disneyland app sends a device’s unique identifier across any network a smartphone with it installed is connected too.

Taking the correct security precautions whilst travelling 

With domestic travel spending expected to reach more than US$1.1tn for the year, surpassing pre-pandemic levels by about 11%, consumers are being warned to be diligent about safeguarding their mobile devices from applications that could leak or sell personal data. 

“While it’s exciting that more people will resume leisure and business travel this summer, we can’t be naive to the risks associated with modern travel, including mobile app usage. In our new ‘hybrid work’ environment, it’s not just personal devices coming along for the ride. The lines continue to blur between personal bring your own device (BYOD) and professional devices, and its crucial employers and employees are aware of the potential risks,” said Alex Lisle, Chief Technology Officer of Kryptowire.

Whilst travelling for leisure or businesses it is important to take the correct precautions to ensure your devices stay secure as possible. Setting up biometric security such as fingerprints or face ID, is a first line of defence. 

With coffee shops, hotels, airports and many other locations offering their customers free access to public Wi-Fi, it’s a convenient way to check your emails, or catch up on social media, but these can pose many cyber risks. If the network isn’t secure, and you log into an unencrypted site, other users on the network could be able to see what you see and send, and also steal personal data. 

By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals — that are lurking on the network — from intercepting your data.


Share

Featured Articles

Founder Shield MD on Navigating Multi-Cloud Complexities

Founder Shield Managing Director Jonathan Selby talks strategies to navigating the complexities of multi-cloud set ups

Qodea CISO Explains How Cyber Threats Could Outrun Cost

Qodea CISO Business Manager Ed Russell explains how growth in sophistication and volume of attacks means current investment in defences falls short

Nokia and NL-ix Deploy Europe’s Largest IXP-Based Anti-DDoS

This collaboration between Nokia and NL-ix is unprecedented both being Largest IXP-Based Anti-DDoS, but the first anti-DDoS solution deployed by an IXP

Bridging the Gap: Examining the UK-US Data Bridge

Data Breaches

Hiddenlayer CSO Tells Why It Made an AI Security Council

Technology & AI

Cooperation Key Theme at Microsoft Endpoint Security Summit

Cyber Security