Travel apps could increase privacy risks, Kryptowire finds

Kryptowire researchers have identified popular iOS consumer app that pose high risk to user privacy and security

As the travel world opens up, and people start going on holidays and work trips, mobile travel apps open employees and their organisations up to cyber risks.

According to new research from the mobile security firm Kryptowire, apps frequently used by travellers, including the Disneyland app, Uber, the Southwest Airlines app, Waze and SpotHero are less safe than they appear to be. The company’s research team ran a risk assessment using its Mobile Security Testing (MAST) on commonly used travel apps to determine their threat scores.

  1. Disneyland - Threat Score: 85
  2. Uber - Request a Ride - Threat Score: 83.6
  3. Waze - Threat Score: 82.9
  4. Southwest Airlines - Threat Score: 82.2
  5. SpotHero - Threat Score: 80.1

The Disneyland app poses the largest privacy concern to users as it uses multiple resources including a device’s microphone, camera roll and contacts without checking for trusted environments, according to Kryptowire.

The app also has insufficient keychain protection, as the limits on when the data it stores within the keychain can be accessed are not particularly restrictive. The researchers also observed that the Disneyland app sends a device’s unique identifier across any network a smartphone with it installed is connected too.

Taking the correct security precautions whilst travelling 

With domestic travel spending expected to reach more than US$1.1tn for the year, surpassing pre-pandemic levels by about 11%, consumers are being warned to be diligent about safeguarding their mobile devices from applications that could leak or sell personal data. 

“While it’s exciting that more people will resume leisure and business travel this summer, we can’t be naive to the risks associated with modern travel, including mobile app usage. In our new ‘hybrid work’ environment, it’s not just personal devices coming along for the ride. The lines continue to blur between personal bring your own device (BYOD) and professional devices, and its crucial employers and employees are aware of the potential risks,” said Alex Lisle, Chief Technology Officer of Kryptowire.

Whilst travelling for leisure or businesses it is important to take the correct precautions to ensure your devices stay secure as possible. Setting up biometric security such as fingerprints or face ID, is a first line of defence. 

With coffee shops, hotels, airports and many other locations offering their customers free access to public Wi-Fi, it’s a convenient way to check your emails, or catch up on social media, but these can pose many cyber risks. If the network isn’t secure, and you log into an unencrypted site, other users on the network could be able to see what you see and send, and also steal personal data. 

By using a VPN when you connect to a public Wi-Fi network, you’ll effectively be using a ‘private tunnel’ that encrypts all of your data that passes through the network. This can help to prevent cybercriminals — that are lurking on the network — from intercepting your data.


Featured Articles

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Nearly 31% of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave cybersecurity report

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security

Supply chain cyberattacks seen as catastrophic for business

Cyber Security