EUROPE AFRICA AMERICAS APAC ME


Study finds critical data security flaws in major travel apps

Sunday, 27 Sep, 2015 0
In many markets around the world, mobile use is gaining fast or even level with desktop as the primary platform for online travel bookings. Virtually every industry projection concurs that mobile use will undoubtedly forge ahead as the medium of choice in the trip planning and travel booking process. All the big players in the online travel space have mobile apps offering the ability to book flights, hotel rooms, car rental and more on the go, whenever and wherever you may be on your travels. 
 
Customers download these apps in the knowledge that the same security features are present that are often taken for granted when making bookings on their websites. According to mobile security firm Bluebox Security, this blind acceptance could turn into a very expensive mistake.  Bluebox analyzed the top ten most popular travel apps (each with millions of downloads) for both Android and iOS and found some glaring security vulnerabilities. 
 
"We did a little bit of research in the app ecosystem where we wanted to see what kind of security protection is in place in apps, or rather what protections are not in place. We selected the category of travel apps, which are used by both consumers and enterprises every day for multiple things like airline booking, payments for hotels, restaurants and ride sharing," said Andrew Blaich, Bluebox’s head security analyst.
 
"We noticed that overall security is a second-class factor when apps are being developed," Blaich said. "We looked at a variety of different factors including third-party coders, data exposure and are they exposing or not protecting data they’re saving on the device like log in or credit card information."
 
The Bluebox study found that only one out 10 Android apps analyzed and none from the Apple App Store used any data encryption for stored information such as usernames, passwords, email addresses and even credit card numbers. The report described it as a ‘potentially catastrophic’ situation, but also identified other flaws.
 
About 70% of the code in the apps, Bluebox said, originated from external third-party sources and not created or indeed authenticated in-house. These range from social media APIs, location based content, and other travel related third party information. These come from numerous different Internet resources ‘significantly increasing the attack surface,’ it said. In addition, none of the apps had any anti-tamper or anti-debug protection, again leaving them exposed to possible attack. 
 
"Some of the flaws we discovered would allow an attacker to create a malicious version of the app and have it look the same as the original app," Blaich added.
 
In conclusion, Bluebox stressed app security should be an essential part of the development process from the outset, with robust encryption, ‘self-defending’capabilities and the removal of any unnecessary third-party code. 
 


 

below social share icons
profileimage

TravelMole Editorial Team

Editor for TravelMole North America and Asia pacific regions. Ray is a highly experienced (15+ years) skilled journalist and editor predominantly in travel, hospitality and lifestyle working with a huge number of major market-leading brands. He has also cover in-depth news, interviews and features in general business, finance, tech and geopolitical issues for a select few major news outlets and publishers.



Ecommpay

ECOMMPAY is an international payment service provider and direct bank card acquirer, engineering bespoke payment solutions for clients worldwide. Our payment gateway e...

MGM Resorts

MGM Resorts International (NYSE: MGM) is an S&P 500® global entertainment company with national and international locations featuring best-in-class hotels and casi...

Via Croatia

Via Croatia is a concierge-type, full-service luxury DMC working exclusively with travel agents and luxury tour operators. With 20 years of experience and local partne...

Carnival Cruise Line

If you’re thinking of cruising, there’s a very good chance you’re considering a Carnival cruise. Growing since our founding in 1972, Carnival Cruise Line — “The World’...

Tourism Queensland

Queensland – where it’s rude not to stare Here in Queensland, there’s plenty to do. But there’s even more to find. Like swimming through the World Heritage-listed Grea...

G Adventures

We are a small-group adventure travel operator offering more than 750 tours in 100 countries, on all seven continents. Our award-winning trips support local communitie...

Go Tokyo

The city has been the vibrant heart of Japan for over 400 years, and is a crossroads where tradition meets modernity. We work tirelessly to promote Tokyo to attract do...

Kiwi.com

We make travel accessible for everyone We believe everyone should be free to experience the world. For us, there’s no greater freedom than choosing where you want to b...

Jersey

This is Jersey. An island shaped by the sea where some of the most astonishing tides in the world circle the coast and feed the land. An island that’s small on size, b...

IHG Hotels & Resorts

IHG Hotels & Resorts: Redefining Hospitality Excellence IHG Hotels & Resorts is a globally renowned hospitality company that stands at the forefront of the ind...

Air Transat

Air Transat is Canada’s number one leisure airline. It flies to some 60 international destinations in more than 25 countries in the Americas and Europe, offers domesti...

TravelMole Media Group

Since its launch in 1999, TravelMole.com has become, one of the largest global online travel industry communities.  It is comprised of over 225,000 travel industry pro...

Visit Mississippi

WANDERERS WELCOME to MISSISSIPPI Mississippi is a state for all those who are wanderers at heart. From lush, forested Appalachian foothills to expansive Delta horizons...

Riverside Luxury Cruises

River cruising is a treat for the senses, allowing you to see, touch, feel and experience the world like never before. Sit on the intimate, open-air upper deck as you ...

Babble Cloud

Babble is a leading technology business that is reimagining how we do work. Founded in 2001, the company works with over 4,000 organizations in a wide range of sectors...

Sabah Tourism

Some describe it as a natural playground. Some say, it’s simply unique as it offers a great array of travel options coast to coast. Some say, the hospitality of ...

Punta Gorda / Englewood Beach

Discover Punta Gorda/Englewood Beach, also known as the Charlotte Harbor Gulf Island Coast. This natural wonderland is nestled in the heart of southwest Florida with k...

Latvia Travel

Latvia – a country in the Baltic region of Europe – may be small, but its pristine Baltic sea coastline and traditions tend to surpass even more iconic destinations of...

Will the FIFA World Cup impact summer bookings?
Most Read
mostcomentedimg TAP Air Portugal to operate 29 flights due to strike on December 11
advisor_img

Phocuswright reveals the world's largest travel markets in volume in 2025
advisor_img

Higher departure tax and visa cost, e-arrival card: Japan unleashes the fiscal weapon against tourists
advisor_img

Cyclone in Sri Lanka had limited effect on tourism in contrary to media reports
advisor_img

Singapore to forbid entry to undesirable travelers with new no-boarding directive
advisor_img

Euromonitor International unveils world’s top 100 city destinations for 2025

Vegas’s Billion-Dollar Secrets – What They Don’t Want Tourists to Know

Visit Florida’s New CEO Bryan Griffin Shares His Vision for State Tourism with Graham

Chicago’s Tourism Renaissance: Graham Interviews Kristin Reynolds of Choose Chicago

Graham Talks with Cassandra McCauley of MMGY NextFactor About the Latest Industry Research

Destination International’s Andreas Weissenborn: Research, Advocacy, and Destination Impact

Graham and Don Welsh Discuss the Success of Destinations International’s Annual Conference

Graham and CEO Andre Kiwitz on Ventura Travel’s UK Move and Recruitment for the Role

Brett Laiken and Graham Discuss Florida’s Tourism Momentum and Global Appeal

Graham and Elliot Ferguson on Positioning DC as a Cultural and Inclusive Global Destination

Graham Talks to Fraser Last About His England-to-Ireland Trek for Mental Health Awareness

Kathy Nelson Tells Graham About the Honour of Hosting the World Cup and Kansas City’s Future

Graham McKenzie on Sir Richie Richardson’s Dual Passion for Golf and His Homeland, Antigua
TRAINING & COMPETITION
topnews
Holland America Line teams up ...
topnews
Central Florida Insider: Get t...
topnews
Crystal Launches Sell Three, S...
topnews
Introducing Inclusive Collecti...
topnews
Unlock Exclusive Benefits, Red...
topnews
Mālama Maui By Visiting Mindf...
Skip to toolbar
Clearing CSS/JS assets' cache... Please wait until this notice disappears...
Updating... Please wait...