Skip to main content
        • Products

          Q-Scout

          Leading edge mobile device security delivering dynamic, actionable intelligence for fleet-wide protection applications

          Q-MAST

          Comprehensive testing for developers who build, use, and manage mobile applications

          Q-Vet

          Mobile app vetting for curated and enterprise managed app stores

        • Solutions by Want

          Mobile Application Security Testing

          Advanced analysis utilizing static, dynamic & interactive analysis of Android and iOS mobile applications

          BYOD

          Secure devices connecting to the enterprise network in the work and live anywhere world

          App Vetting

          Transparent and high-confidence results using pass/fail security evidence

          End Users

          Airtight digital security that empowers you to make informed decisions on what apps you do and do not give access to

          Regulatory Compliance

          Automated compliance testing for the latest privacy and security standards

        • Industries

          Federal Government

          Mobile security solutions for public sector needs across federal, state and local governments

          Finance

          Fintech application security solution for advanced mobile threats

        • Untitled Document

          All Resources

          Blogs

          The latest industry news in cybersecurity’s ever-evolving landscape

          Newsroom

          Press releases, news stories and media highlights from Quokka

          Webinars

          Videos and content where you can learn about the latest threats, trends and issues in cybersecurity

          Whitepapers

          Insights and helpful assets for exploring cybersecurity and digital security

        • Datasheets

          An in-depth description of Quokka solutions

          Technical Papers

          Deep dive into cybersecurity topics and technical papers discovered by Quokka

          Use Cases

          Detailed overview of how Quokka solutions solve real-world pain points

          Guides

          Best practices from our industry experts

          Partners

          Learn more about Quokka’s technology partners

        • Company

          Careers

          There are jobs - and then there is a career at Quokka

          Leadership

          Quokka’s global management team comprised of security experts and industry leaders

  • Support

The Happiest Place on Earth Is Opening Consumers’ Personal Data to Risk

Kryptowire researchers identify popular iOS consumer applications
that pose high risk to user privacy and security as summer travel heats up

Kryptowire researchers identify popular iOS consumer applications
that pose high risk to user privacy and security as summer travel heats up

News Highlights

  • Domestic travel is expected to increase this summer, with spending predicted to reach more than $1.1 trillion for the year, surpassing pre-pandemic levels by about 11%
  • Popular travel apps, including apps from Disneyland, Uber, and Southwest Airlines, may increase users security and privacy risks
  • According to mobile security and privacy leader Kryptowire, everyday app functionality may compromise privacy best practices

May 25, 2022 9 a.m. ET– With summer travel nearing, Kryptowire, a mobile and privacy solutions company, is revealing findings of the riskiest travel applications. The apps, frequently used by consumers, include Disneyland, Uber, Southwest Airlines, and Waze. Kryptowire’s threat research team ran a risk assessment through its Mobile Application Security Testing (MAST) on commonly used applications associated with travel and ranked the threat scores of the highly-downloaded apps on iOS devices.

With domestic travel spending expected to reach more than $1.1 trillion for the year, surpassing pre-pandemic levels by about 11%, consumers must be diligent about safeguarding their mobile devices from applications that could leak or sell personal data. Using its MAST technology, Kryptowire assigned “threat scores” to applications rating their level of security and privacy readiness, with higher scores indicating lower readiness:

Riskiest Travel Applications

  • Disneyland – Threat Score: 85
  • Uber – Request a Ride – Threat Score: 83.6
  • Waze – Threat Score: 82.9
  • Southwest Airlines – Threat Score: 82.2

“While it’s exciting that more people will resume leisure and business travel this summer, we can’t be naive to the risks associated with modern travel, including mobile app usage,” said Alex Lisle, Chief Technology Officer of Kryptowire. “In our new ‘hybrid work’ environment, it’s not just personal devices coming along for the ride. The lines continue to blur between personal bring your own device (BYOD) and professional devices, and its crucial employers and employees are aware of the potential risks.”

Of the top at-risk applications, Disneyland poses the largest privacy concern, as it is able to use multiple device-level resources, including a device’s microphone, camera roll, and contacts without checking for trusted environments. Additionally, while it stores data within the keychain, the limits on when that data can be accessed is not particularly restrictive, and we have also noticed that the device’s unique identifier has been sent across the network. The Device Identifier has traditionally been used to track a device across multiple apps and web traffic, contributing to its high threat score.

Generally, apps collect data and have access to personal information: however, these applications threaten user privacy without being open and consistently scan user activity in the background of devices. Users should consider scanning and restricting access to the apps.

Entry Points to Data & Personal Information

The largest risks to consumers include breaches to privacy and personal data given the following access points to your devices:

  • Access to the Camera
  • Access to the Camera Roll
  • Access to your Contact List
  • Access to the Microphone
  • Access to your location at all times
  • Access to BlueTooth
  • Sharing collected data with third parties

Privacy & Security At Risk When the Apps Collect and Distribute Data

The results of this risk assessment raised several important concerns. Is the amount of data these popular applications collect from the devices really necessary? How well do these companies protect data in the long term? More travel also increases the use of ride share apps like Uber and Lyft, which also collect a significant amount of data. As summer travel picks up, users should better understand how their device is handling their data, and take precautionary steps to limit unnecessary exposure.

Tips to Secure Mobile Devices

  • Monitor access – where possible, understand your app’s privacy policy and remove unnecessary permissions that allow access to device resources, such as camera roll, camera, microphone, and contacts.
  • Establish accountability – whether you’re traveling for work or personal reasons, there are risks. Employers, parents, and other security stewards must ensure devices are secure and protected. End users must also take ownership of their online activity and best practices.
  • Secure devices – Organizations and individual users should prioritize device security through frequent security and privacy readiness screening, using solutions like Kryptowire MAST.
  • Update apps – routinely update your apps to ensure security and privacy concerns are limited.

Methodology: Kryptowire’s Mobile Application Security Testing (MAST) solution tested the security and privacy of various mobile applications in the travel category. Kryptowire identified the top 5 riskiest apps on iOS devices, and the various avenues where the apps can collect and disclose personal information. The analysis reveals the following lend to increased threat scores; what data an app takes from the device, what data the app declares it takes from the device, how the app handles that data, how the app is coded, and areas where the app has been coded improperly. For more details on the risks end-users should be aware of specific to each of these five apps, please visit: www.kryptowire.com/blog/popular-travel-ios-apps-request-excessive-user-data-permissions/

About Kryptowire

Kryptowire is a leader in cloud-based mobile security and privacy solutions, delivering organizations and end-users the peace of mind that comes with intrusion-free mobile security. We enable organizations to scan mobile devices and applications for security, compliance, and other vulnerabilities with no source code access, saving time and costs with zero intrusion into end user privacy. Our mission is to make world-class mobile security more accessible and valuable for businesses and communities around the world.

Media contact:
Melissa Gaffney
[email protected]

Leave a Reply

Close Menu