Delta App Faces California Suit for PII Leakage
Dave Gullo stashed this in privacy
❝ The Fly Delta app allows customers to check in to flights, pay for checked baggage and perform other tasks related to flying. The lawsuit claims the app collects "substantial" personally identifiable information, including names, telephone numbers, email address, frequent-flier-account numbers, photographs, credit-card numbers and locations. ❞
Ummm yeah, this is extremely naughty.
How did they get caught?
There are ways to instrument mobile apps with logging HTTP proxies, and you can see the stuff going across the wire. I'm positive there are multiple teams of independent privacy researchers and they look specifically for these types of transgressions.