As you will see below, this app was not created by Spirit Air, but by "Convenientfriendlyapps@gmail.com" -- that company seems to have no website, and does not reply to emails.
In my opinion, Spirit Airlines should tell Google Play to remove this app, but they don't seem interested in doing that.
Here's the app:
Sending test credentials:
Harvesting them from Burp:
I tried to use the Spirit online customer support form, but it refused to accept anything from me without a valid confirmation number.
By chance, I flew on Spirit Airlines recently and I found a valid confirmation number in my old email, which made it possible to submit the form.
Spirit replied to me telling me that they didn't make that app:
I flagged the app as inappropriate in the Google Play store--perhaps that will do some good.
Also, during all the correspondence mentioned above, I erroneously described the problem as "plaintext data transmission" rather than "failure to validate SSL certificates". I fixed the content of this page to the correct vulnerability on 5-31-15.
I don't think there's any reason to delay publication of this any longer.