Skip to main content
        • Products


          Leading edge mobile device security delivering dynamic, actionable intelligence for fleet-wide protection applications


          Comprehensive testing for developers who build, use, and manage mobile applications


          Mobile app vetting for curated and enterprise managed app stores

        • Solutions by Want

          Mobile Application Security Testing

          Advanced analysis utilizing static, dynamic & interactive analysis of Android and iOS mobile applications


          Secure devices connecting to the enterprise network in the work and live anywhere world

          App Vetting

          Transparent and high-confidence results using pass/fail security evidence

          End Users

          Airtight digital security that empowers you to make informed decisions on what apps you do and do not give access to

          Regulatory Compliance

          Automated compliance testing for the latest privacy and security standards

        • Industries

          Federal Government

          Mobile security solutions for public sector needs across federal, state and local governments


          Fintech application security solution for advanced mobile threats

        • Untitled Document

          All Resources


          The latest industry news in cybersecurity’s ever-evolving landscape


          Press releases, news stories and media highlights from Quokka


          Videos and content where you can learn about the latest threats, trends and issues in cybersecurity


          Insights and helpful assets for exploring cybersecurity and digital security

        • Datasheets

          An in-depth description of Quokka solutions

          Technical Papers

          Deep dive into cybersecurity topics and technical papers discovered by Quokka

          Use Cases

          Detailed overview of how Quokka solutions solve real-world pain points


          Best practices from our industry experts


          Learn more about Quokka’s technology partners

        • Company


          There are jobs - and then there is a career at Quokka


          Quokka’s global management team comprised of security experts and industry leaders

  • Support

Summer Travel: The Riskiest Travel Apps on iOS

Melissa Gaffney | May 25, 2022

Melissa Gaffney

May 25, 2022

Summer travel is heating up with domestic travel expected to increase this year and spending predicted to reach more than $1.1 trillion, surpassing pre-pandemic levels by about 11%. As the travel season approaches, consumers are looking to mobile apps for a smoother travel experience. Based on Quokka findings, popular travel apps, including Disneyland, Uber, and Southwest Airlines, may be opening consumers’ personal data and security to risk. Using our Q-MAST technology, we’ve assigned “threat scores” to applications rating their level of security and privacy readiness, with higher scores indicating lower readiness.

Riskiest iOS Travel Applications

  • Disneyland – Threat Score: 85
  • Uber – Request a Ride – Threat Score: 83.6
  • Waze – Threat Score: 82.9
  • Southwest Airlines – Threat Score: 82.2

Application Permissions

When you first download applications, they ask you to opt into certain permissions like location sharing, camera access, contact list and more. They ultimately require consumers who want to use the application to allow access to their personal information whether they are using the app or not. But why does SpotHero always need access to your location? SpotHero’s privacy policy lists their reasoning for always accessing your location as being “Used to find parking near you and to notify you about your reservation location.”

Many users are quick to allow access to their personal information and pay little to no attention to the privacy policies and why and how companies are collecting and using data. Popular apps are consistently requesting access to data that doesn’t serve the application’s core purpose. For example, Disney uses location permissions and if you chose to only grant permission ‘while using’ the app, it is ultimately mute because if you enable Bluetooth for this app, they may infer the location of your device based on Bluetooth beacons it interacts with at Disney Parks and Resorts, even if you turn off Location Services (per their privacy policy).

It seems that every few weeks companies are disclosing they’ve been breached and their data has been stolen or leaked. So how do you mitigate the amount of data applications can access? It is important to know what types of data you are allowing applications to access and make sure it is as limited as possible. In the wrong hands, access to data from your microphone or camera could be used to steal sensitive material. If leaked, your business or personal information can be exploited. Stay safe and limit data overexposure, don’t overprescribe your data to access apps. If it’s not fundamental to the app’s core function, don’t allow them to collect it, or store it.

Leave a Reply

Close Menu