Many of the widely-used ride-sharing and other travel apps out there have major server-side security vulnerabilities. PrivacySavvy research team discovered a group of travel apps leaving their servers completely open and accessible, ultimately exposing private user data for anyone to see. Most of the apps are leaking data through their subdomains, and the exposed data posed a risk to many parties.
Led by Sarmad khan and Huynh Chen, in first-of-its-kind research, PrivacySavvy tested the security of over 20 of the world’s leading travel apps to understand how they manage users’ privacy and security risks. Unfortunately, most of them failed.