This particular article is dealing with Android applications of 14 different airlines including severall that serve the United States.
According to the article, Air Asia, one of the 14 different airlines discussed within this article was found to be in violations of keeping personal information safe because they were attacked with Ransomware. Just this month, they were attacked yet again.
The airline industry doesn’t need all of the permissions that are discussed within this article. I can see camera being used to snap a photo, especially if luggage is lost and you take a picture of it within the app to refer to later to prove that it was on the baggage system for them to pick up.
Let’s step through this.
While the image says that it is an image of data collection, the headings within this article include: risky permissions, every travel app has access to location, access to camera, access to storage, reading phone state, access to microphone, access to your contacts, Ryanair can access account data on the device, some airlines can call on your behalf, and a stay safe section.
This is a very lengthy article and one that we all need to read.
Every travel app has access to your location
Does the app in question need this? Maybe. Especially if you’ve lost your luggage as an example, they can see exactly where you were and possibly figure out why your luggage didn’t make it. But after you’re done flying and you get home safe, the article indicates that they are tracking you anyway. Why? What purpose does it serve them to know exactly where you live? They know that you flew out of one particular airport, but there is no reason to know exactly where you are. By booking hotels if they offer that, airport leaving and arriving location, they aught to have enough. And that should be all they have to fulfill the request of your travels, for however long you’re gone for that set period of time. Some get a certain permission but others get exact location. I forget now what the other permission is off hand, but again, once the app is closed, that should be it unless you’re like Transit app and its helping you along your journey.
Access to camera
Contacting support and providing photos or uploading a copy of your ticket is key. Besides this, once the transaction is done, you don’t need this permission do you? Especially if you’re not doing camera things and if you were, it isn’t in the app. Don’t tell me that these permissions like this one is always on even when not in use.
Storage
Saving photos is a hog for storage. Making sure you have the room to store the photo is key, but once the process is done, do you need long term storage access?
Reading phone state
The phone state, otherwise known as the phone status is not necessary. Once you close the app, that’s it. I don’t care what the status of your device is, I could be taking your precious battery.
Microphone
If the app provides video and or audio calling capability, fine. If not, why are these applications asking for the permission? They can then hear whatever they want within your environment and again it would be battery hogging.
Access to your contacts
Tell me why anyone would need access to your contacts within this industry? The other heading I want to put in here with this section is the heading dealing with airlines calling on your behalf. So what would it do them for them calling my doctors office at whatever time they feel like calling? Someone explain that for me. Its not like they’re going to offer my doctors office anything because I traveld to a country on business or something.
account data
One airline accesses account data. This has to do with getting account information like facebook, instagram email and the like. Why?
Conclusion
The safety section talks about reviewing permissions and goes in to detail on how to do this within the Android operating system on your phone. I would switch off ones you don’t need like allowing them access to your contacts. Within the linked article the reasons provided are vague. I could see some for fraud prevention, but that’s only in the transaction aspect of things not within anything else.
This article is in the security section of Cybernews. Airlines apps might know more than you think is the title of this article.
While the apps were Google based, I’m curious if they’ll do a study of applications in the IOS ecosystem? I’m curious. This … is beyond crazy. Have fun!
Please sound off by email or right here on the blog. Thanks for reading!