Summer travel is heating up with domestic travel expected to increase this year and spending predicted to reach more than $1.1 trillion, surpassing pre-pandemic levels by about 11%. As the travel season approaches, consumers are looking to mobile apps for a smoother travel experience. Based on Quokka findings, popular travel apps, including Disneyland, Uber, and Southwest Airlines, may be opening consumers’ personal data and security to risk. Using our Q-MAST technology, we’ve assigned “threat scores” to applications rating their level of security and privacy readiness, with higher scores indicating lower readiness.
Riskiest iOS Travel Applications
- Disneyland – Threat Score: 85
- Uber – Request a Ride – Threat Score: 83.6
- Waze – Threat Score: 82.9
- Southwest Airlines – Threat Score: 82.2
Application Permissions
When you first download applications, they ask you to opt into certain permissions like location sharing, camera access, contact list and more. They ultimately require consumers who want to use the application to allow access to their personal information whether they are using the app or not. But why does SpotHero always need access to your location? SpotHero’s privacy policy lists their reasoning for always accessing your location as being “Used to find parking near you and to notify you about your reservation location.”
Many users are quick to allow access to their personal information and pay little to no attention to the privacy policies and why and how companies are collecting and using data. Popular apps are consistently requesting access to data that doesn’t serve the application’s core purpose. For example, Disney uses location permissions and if you chose to only grant permission ‘while using’ the app, it is ultimately mute because if you enable Bluetooth for this app, they may infer the location of your device based on Bluetooth beacons it interacts with at Disney Parks and Resorts, even if you turn off Location Services (per their privacy policy).
It seems that every few weeks companies are disclosing they’ve been breached and their data has been stolen or leaked. So how do you mitigate the amount of data applications can access? It is important to know what types of data you are allowing applications to access and make sure it is as limited as possible. In the wrong hands, access to data from your microphone or camera could be used to steal sensitive material. If leaked, your business or personal information can be exploited. Stay safe and limit data overexposure, don’t overprescribe your data to access apps. If it’s not fundamental to the app’s core function, don’t allow them to collect it, or store it.