EUROPE AFRICA AMERICAS APAC ME


Study finds critical data security flaws in major travel apps

Saturday, 27 Sep, 2015 0
In many markets around the world, mobile use is gaining fast or even level with desktop as the primary platform for online travel bookings. Virtually every industry projection concurs that mobile use will undoubtedly forge ahead as the medium of choice in the trip planning and travel booking process. All the big players in the online travel space have mobile apps offering the ability to book flights, hotel rooms, car rental and more on the go, whenever and wherever you may be on your travels. 
 
Customers download these apps in the knowledge that the same security features are present that are often taken for granted when making bookings on their websites. According to mobile security firm Bluebox Security, this blind acceptance could turn into a very expensive mistake.  Bluebox analyzed the top ten most popular travel apps (each with millions of downloads) for both Android and iOS and found some glaring security vulnerabilities. 
 
"We did a little bit of research in the app ecosystem where we wanted to see what kind of security protection is in place in apps, or rather what protections are not in place. We selected the category of travel apps, which are used by both consumers and enterprises every day for multiple things like airline booking, payments for hotels, restaurants and ride sharing," said Andrew Blaich, Bluebox’s head security analyst.
 
"We noticed that overall security is a second-class factor when apps are being developed," Blaich said. "We looked at a variety of different factors including third-party coders, data exposure and are they exposing or not protecting data they’re saving on the device like log in or credit card information."
 
The Bluebox study found that only one out 10 Android apps analyzed and none from the Apple App Store used any data encryption for stored information such as usernames, passwords, email addresses and even credit card numbers. The report described it as a ‘potentially catastrophic’ situation, but also identified other flaws.
 
About 70% of the code in the apps, Bluebox said, originated from external third-party sources and not created or indeed authenticated in-house. These range from social media APIs, location based content, and other travel related third party information. These come from numerous different Internet resources ‘significantly increasing the attack surface,’ it said. In addition, none of the apps had any anti-tamper or anti-debug protection, again leaving them exposed to possible attack. 
 
"Some of the flaws we discovered would allow an attacker to create a malicious version of the app and have it look the same as the original app," Blaich added.
 
In conclusion, Bluebox stressed app security should be an essential part of the development process from the outset, with robust encryption, ‘self-defending’capabilities and the removal of any unnecessary third-party code. 
 


 

below social share icons
profileimage

TravelMole Editorial Team

Editor for TravelMole North America and Asia pacific regions. Ray is a highly experienced (15+ years) skilled journalist and editor predominantly in travel, hospitality and lifestyle working with a huge number of major market-leading brands. He has also cover in-depth news, interviews and features in general business, finance, tech and geopolitical issues for a select few major news outlets and publishers.



IHG Hotels & Resorts

IHG Hotels & Resorts: Redefining Hospitality Excellence IHG Hotels & Resorts is a globally renowned hospitality company that stands at the forefront of the ind...

Eventsquid

We understand the importance of personal touch We do things a bit differently at Eventsquid. We know that we could hide our sales telephone number from the website — b...

Go Tokyo

The city has been the vibrant heart of Japan for over 400 years, and is a crossroads where tradition meets modernity. We work tirelessly to promote Tokyo to attract do...

Jet2.com

Jet2.com is the UK’s third largest airline, flying from ten UK airports to more than 60 destinations across Europe and beyond. Since our first flight in 2003, we...

Ventura TRAVEL

We are a global network of tourism experts, who create, launch and support highly specialized, individually branded travel services. All our services are led by passio...

London North Eastern Railway

We’re here to provide the very best experience in train travel. From booking your ticket, to asking us a question on the platform and getting settled onboard our train...

Rakuten Travel Xchange

Rakuten is a global powerhouse, with deep roots in Asia, and dominance in Japan. We enable our clients globally to send their guests anywhere in the world – all delive...

Canadian Affair

We are the UK’s leading Canada travel experts   Canadian Affair Company Information Founded in 1995, Canadian Affair offers an a la carte menu of services f...

AC Group

Travel specialists founded the company in 1999 as AC Tours. Since then we have grown and expanded to incorporate four premier brands with offices in London, Paris and ...

Visit Detroit

  The Detroit Metro Convention & Visitors Bureau (DMCVB) is the only organization that promotes metro Detroit regionally, nationally and internationally as a ...

Pure Michigan

The State of Michigan is blessed with the riches of unspoiled nature: the nation’s longest freshwater coastline, lakes that feel like oceans, golden beaches, an ...

Discova

In 2019, Buffalo Tours and Olympus Tours joined the Flight Centre Travel Group (FCTG) family and formed Discova. With the backing of one of the world’s largest travel ...

Wonderful Indonesia

Wonderful Indonesia Indonesia is a country blessed with countless wonders. What makes this country unique is its diverse culture and magnificent nature, which should b...

Wilderness Safaris

At Wilderness Safaris we believe in creating life-changing journeys and have been doing so for over 39 years. Our purpose today is stronger than ever in our dedication...

Avalon Waterways

Why Avalon Waterways: Happiness flows on an Avalon river cruise. From Asia to South America and Europe to the Nile, you’ll cruise in relaxed luxury with river cruising...

Universal Orlando Resort

Take your clients’ vacation to the next level at Universal Orlando Resort™. With three amazing theme parks – Universal Studios Florida™, Universal’s Islands of Adventu...

Titan Travel

Why choose Titan Travel? There are some great travel companies out there – so why Titan? Well, we’re one of the UK’s leading escorted holiday companies (and have been ...

Classic Collection Holidays

Classic Collection is where travel expertise and personal service combine to create the perfect luxury holiday. Our travel agent partners and customers choose us for o...

EU free cabin bags: Will it lead to increased airfares
Most Read
mostcomentedimg Germany new European Entry/Exit System limited to a single airport on October 12, 2025
advisor_img

Airlines suspend Madagascar services following unrest and army revolt
advisor_img

TAP Air Portugal to operate 29 flights due to strike on December 11
advisor_img

Qatar Airways offers flexible payment options for European travellers
advisor_img

Air Mauritius reduces frequencies to Europe and Asia for the holiday season
advisor_img

Airbnb eyes a loyalty program but details remain under wraps

Vegas’s Billion-Dollar Secrets – What They Don’t Want Tourists to Know

Visit Florida’s New CEO Bryan Griffin Shares His Vision for State Tourism with Graham

Chicago’s Tourism Renaissance: Graham Interviews Kristin Reynolds of Choose Chicago

Graham Talks with Cassandra McCauley of MMGY NextFactor About the Latest Industry Research

Destination International’s Andreas Weissenborn: Research, Advocacy, and Destination Impact

Graham and Don Welsh Discuss the Success of Destinations International’s Annual Conference

Graham and CEO Andre Kiwitz on Ventura Travel’s UK Move and Recruitment for the Role

Brett Laiken and Graham Discuss Florida’s Tourism Momentum and Global Appeal

Graham and Elliot Ferguson on Positioning DC as a Cultural and Inclusive Global Destination

Graham Talks to Fraser Last About His England-to-Ireland Trek for Mental Health Awareness

Kathy Nelson Tells Graham About the Honour of Hosting the World Cup and Kansas City’s Future

Graham McKenzie on Sir Richie Richardson’s Dual Passion for Golf and His Homeland, Antigua
TRAINING & COMPETITION
topnews
Prizes up for grabs in Scenic ...
topnews
Holland America Line teams up ...
topnews
Central Florida Insider: Get t...
topnews
Crystal Launches Sell Three, S...
topnews
Introducing Inclusive Collecti...
topnews
Unlock Exclusive Benefits, Red...
Skip to toolbar
Clearing CSS/JS assets' cache... Please wait until this notice disappears...
Updating... Please wait...