Airline apps found vulnerable again
In a recent audit, Security testing of global airline apps revealed potential data privacy concerns. The audit was performed in late May 2019 by Pradeo Security, an engine designed to reveal mobile apps’ behaviors (data processing) and vulnerabilities.
While this has been an issue in the past as exposed by a 2015 project by Wandera, it would seem that some of the same functional areas of the apps still create exposure. To provide users with the best services, airlines enable their applications with functionalities to scan passports and credit cards, check-in, make mobile payments, consult boarding passes, etc. This new study shows that at least 49% of airline applications manipulate users’ location information, gallery, and contact list. Then, a third of them send the personal data in question over the network.
Quick updates and short go-to-market times are leading to vulnerabilities within these apps. Audits have revealed potential risks to some of the most common attacks such as man-in-the-middle and data leakage.