Air Arabia Plaintext Data Transmission
Summary
The Air Arabia Android app has a serious security
problem--it sends personal information,
including credit card numbers, without
encryption.
Testing Method
I have Burp set up as a proxy for my
Genymotion Android emulator.
Here's the app:
Purchasing a ticket:
All the data is sent without encryption:
I went to the website to find a contact
email, and found that it also uses
no encryption at all:
Notification
I sent this message on 5-27-15:
Posted 5-27-15 by Sam Bowne