Air Arabia Plaintext Data Transmission


The Air Arabia Android app has a serious security problem--it sends personal information, including credit card numbers, without encryption.

Testing Method

I have Burp set up as a proxy for my Genymotion Android emulator.

Here's the app:

Purchasing a ticket:

All the data is sent without encryption:

I went to the website to find a contact email, and found that it also uses no encryption at all:


I sent this message on 5-27-15:

Posted 5-27-15 by Sam Bowne