Rare CruiseMrB Posted June 10, 2021 #1 Share Posted June 10, 2021 (edited) Android App referenced here. Requests / requires waaay too many rights. Files, contacts, emails, camera, location. You name it, it wants it. You can login using only your booking number without any password or PIN. That booking number is only 6 alphanumeric characters long and might be on your phone already in an email, sms message, or text file. You can login using a username and password, but that does not sync well with password managers (tried 2 of them.) So to login, you shorten your password to something you can remember. Bad news. Once logged in, it stays logged in, with no further acknowledgement. And it stays logged in over power on / power off. Here are the real problems: Once you are logged in once, the app wants /requires you to take pictures of your passport. If someone steals your phone, they can change everything, including your passport information. Huge ID theft issue for you, security threat for everyone else. The chain of custody of that information is toast. You can't trust that the person who is listed is actually the person who is travelling. Your credit card on-ship payment information is live. Anyone who gets your phone can start charging things. So....What to do if this is now required? Install the app on your phone in your house. Fill in all the travel docs as required. Order Madallion through the app. If required to access documents for check-in, do so. Once in your room, and your medallion is confirmed to be working, remove the battery from your phone (if possible) and then put the phone in a safe place. BTW, don't assume the safe is "safe". There 's a good chance that there is a known default master code for that safe model or that Princess has a master code that is more known than you would like. If you want to keep your phone on your person, have it lock up after 5 or 10 seconds (no more than 15), and have it require either biometric (face or finger) or PIN to unlock. Yeah, it's a pain. But there is waaaaaayyyyyy too much information swimming around in the MedallionClass app. Edited June 10, 2021 by CruiseMrB 4 1 3 Link to comment Share on other sites More sharing options...
Rare c-boy Posted June 10, 2021 #2 Share Posted June 10, 2021 7 1 3 Link to comment Share on other sites More sharing options...
chrysalis Posted June 10, 2021 #3 Share Posted June 10, 2021 Only 7 threads about the app now..... 2 1 Link to comment Share on other sites More sharing options...
Rare CruiseMrB Posted June 10, 2021 Author #4 Share Posted June 10, 2021 1 minute ago, chrysalis said: Only 7 threads about the app now..... It's a big change to require that app and that effects a lot of things. So, yeah. 1 Link to comment Share on other sites More sharing options...
Condocat Posted June 10, 2021 #5 Share Posted June 10, 2021 I agree. Used Apple Pay once and had my credit card information unknowingly scanned off my phone at the airport! Might be worth placing the phone in a foil pouch to protect it from that type of activity. I find this very this is very unnerving..... 5 Link to comment Share on other sites More sharing options...
Steelers36 Posted June 10, 2021 #6 Share Posted June 10, 2021 1 hour ago, c-boy said: +1 1 Link to comment Share on other sites More sharing options...
dog Posted June 10, 2021 #7 Share Posted June 10, 2021 1 hour ago, c-boy said: Just like Link to comment Share on other sites More sharing options...
beaglesandducks Posted June 10, 2021 #8 Share Posted June 10, 2021 These are excellent points all the information we are required by princess to input to this app could be hacked somewhere along the way now i have another headache incoming 4 Link to comment Share on other sites More sharing options...
pms4104 Posted June 10, 2021 #9 Share Posted June 10, 2021 6 minutes ago, beaglesandducks said: These are excellent points all the information we are required by princess to input to this app could be hacked somewhere along the way now i have another headache incoming Well, it does seem to be the season for hacks, data breaches, ransomware, possible Cloud bursts. 1 Link to comment Share on other sites More sharing options...
caribill Posted June 11, 2021 #10 Share Posted June 11, 2021 13 hours ago, CruiseMrB said: Android App referenced here. Requests / requires waaay too many rights. Files, contacts, emails, camera, location. You name it, it wants it. You can login using only your booking number without any password or PIN. That booking number is only 6 alphanumeric characters long and might be on your phone already in an email, sms message, or text file. For certain uses, such as having others set up to dine with you, you have to enter in other people's booking number. So not only can your booking be compromised and b\to mischievous activity if some gets a hold of your phone, so can other people's if you entered their info. 1 Link to comment Share on other sites More sharing options...
Sprocket Posted June 11, 2021 #11 Share Posted June 11, 2021 Not fail safe but I leave my phone buried in my purse, never understood those who leave it out on bar tops or restaurant tables. 1 Link to comment Share on other sites More sharing options...
kitty2264 Posted June 11, 2021 #12 Share Posted June 11, 2021 18 hours ago, c-boy said: like it 2 Link to comment Share on other sites More sharing options...
Rare Roberto256 Posted June 11, 2021 #13 Share Posted June 11, 2021 19 hours ago, CruiseMrB said: The chain of custody of that information is toast. You can't trust that the person who is listed is actually the person who is travelling. That will only change when Princess is burned by the wrong person embarking. Like a last minute unauthorized substitution, or something. 1 Link to comment Share on other sites More sharing options...
Ride-The-Waves Posted June 11, 2021 #14 Share Posted June 11, 2021 Simple solution: Don't use the app. Corporate apps are designed to do only one thing: get your information for sales and marketing. Anytime you use an app you give up privacy. 1 1 Link to comment Share on other sites More sharing options...
Rare CruiseMrB Posted June 11, 2021 Author #15 Share Posted June 11, 2021 14 minutes ago, Ride-The-Waves said: Simple solution: Don't use the app. Corporate apps are designed to do only one thing: get your information for sales and marketing. Anytime you use an app you give up privacy. Becoming close to, if not already, an absolute requirement for passage and booking. Location tracking is going to be a thing. The phone is an easy way to do it. Personally, I'm going with the medallion hardware and not hooking my credit card to it (if possible.) I buy very little on the ship, and those things that I do buy, I'll use cash or physical credit card. Before loading the app on my phone for testing (my cruise is over 150 days away), I was thinking about using the app on an old burner phone that I have in a drawer. But the app has my passport picture and no security to speak of, so using a burner doesn't get me far. 1 1 Link to comment Share on other sites More sharing options...
dog Posted June 11, 2021 #16 Share Posted June 11, 2021 1 hour ago, CruiseMrB said: Becoming close to, if not already, an absolute requirement for passage and booking. Location tracking is going to be a thing. The phone is an easy way to do it. Personally, I'm going with the medallion hardware and not hooking my credit card to it (if possible.) I buy very little on the ship, and those things that I do buy, I'll use cash or physical credit card. Before loading the app on my phone for testing (my cruise is over 150 days away), I was thinking about using the app on an old burner phone that I have in a drawer. But the app has my passport picture and no security to speak of, so using a burner doesn't get me far. Don’t you have to provide a credit card prior to check in? 2 Link to comment Share on other sites More sharing options...
Rare CruiseMrB Posted June 11, 2021 Author #17 Share Posted June 11, 2021 1 minute ago, dog said: Don’t you have to provide a credit card prior to check in? Yes, and that's perfectly fine. But tying to an open phone is another kettle of fish. 1 1 Link to comment Share on other sites More sharing options...
Nerkbuck Posted June 11, 2021 #18 Share Posted June 11, 2021 I understand you concerns and I think most of us have them also, but Princess is going to require the app use for their ease. When is our government going to start holding companies criminally liable for data breaches? Companies have no responsibility after data breaches other than paying for credit monitoring. We all know that is worthless until after the crime is committed. When will cell phone companies use RFI technology to stop criminals from having the ability to scan your phone within close proximity? Can't they use the same technology as wallets? For now, all we can do is utilize the Biometrics and security built into the phones incase you lose it. Protect your phone while traveling as much as your passport. 1 Link to comment Share on other sites More sharing options...
Av8tor Posted June 11, 2021 #19 Share Posted June 11, 2021 1 hour ago, CruiseMrB said: Personally, I'm going with the medallion hardware and not hooking my credit card to it (if possible.) I buy very little on the ship, and those things that I do buy, I'll use cash or physical credit card. It's been my experience that cash (except for tips) and physical credit cards are not accepted for onboard purchases. You must use your cruise card or medallion... 6 2 Link to comment Share on other sites More sharing options...
dog Posted June 11, 2021 #20 Share Posted June 11, 2021 (edited) These threads are so long so I will post here. I looked up my current booking in Personalizer at the very top of page there is: Luggage Tags & travel summary button under that a Help button which takes me to frequently asked questions. link— before your cruise— explains printing boarding passes & luggage tags from Personalizer after paid in full 75 days before cruise or medall app to make check in faster. worth reading a d of course. Things can change Edited June 11, 2021 by dog Link to comment Share on other sites More sharing options...
Rare c-boy Posted June 11, 2021 #21 Share Posted June 11, 2021 hold on there Nerkbuck, I'm not going to ask the government to do something I can do for myself. When my credit card was used for unauthorized purchase's I was notified immediately. The only ones to loose out on the action, were Foot Locker and Kohls. I had a new card by 5 pm the next day. Link to comment Share on other sites More sharing options...
Rare CruiseMrB Posted June 11, 2021 Author #22 Share Posted June 11, 2021 (edited) c-boy: Take the coordinates out of your location signature. It returns a street address. You could fudge them up a bit to something that's close, but public. Like a park or government building. My guess is that the address is not completely accurate (but could be). Even if it's not accurate in being YOUR address, it's completely evil and unfair to the party to whose address is returned. Yeah, I'm paranoid about information floating around. 30 years as a sysadmin. Hence my location. Edited June 11, 2021 by CruiseMrB 1 Link to comment Share on other sites More sharing options...
Rare ontheweb Posted June 11, 2021 #23 Share Posted June 11, 2021 2 hours ago, Ride-The-Waves said: Simple solution: Don't use the app. Corporate apps are designed to do only one thing: get your information for sales and marketing. Anytime you use an app you give up privacy. Simpler solution---don't have a smartphone. 3 Link to comment Share on other sites More sharing options...
Rare Lady Arwen Posted June 11, 2021 #24 Share Posted June 11, 2021 59 minutes ago, Av8tor said: It's been my experience that cash (except for tips) and physical credit cards are not accepted for onboard purchases. You must use your cruise card or medallion... You are absolutely correct. No cruiseline accepts any form of payment onboard other than your personal cruise card, or for Princess, the medallion. 2 Link to comment Share on other sites More sharing options...
Rare CruiseMrB Posted June 11, 2021 Author #25 Share Posted June 11, 2021 10 minutes ago, Lady Arwen said: You are absolutely correct. No cruiseline accepts any form of payment onboard other than your personal cruise card, or for Princess, the medallion. Or now, your phone as a replacement for the physical medallion. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now