Open your photo roll right now and search "boarding pass." If there are screenshots there, every single one of them has, at minimum:
- Your full legal name
- Your ticket booking reference (PNR) — six characters that can be used to access your full itinerary on the airline's website
- Your frequent flyer number
- A barcode that, if scanned, reveals everything above plus your passport details on many international tickets
And every one of those screenshots is sitting in:
- Your iCloud or Google Photos backup
- Any third-party photo app you've granted permission to (Instagram, WhatsApp, photo editing apps, AI background remover apps…)
- Any iMessage / WhatsApp chat where you sent it to yourself or a partner
- Any cloud chat backup of those messages
This is the standard setup of most travelers. It's also a privacy disaster.
What attackers can do with a leaked PNR
A six-character PNR + last name unlocks the airline's manage-booking page. From there, a malicious actor can:
- Cancel your return flight
- Change your seat (annoying) or your meal preference (creepy)
- Access your saved passport scan if you uploaded one
- See your hotel address if booked through the airline
- Use leaked details for targeted phishing ("Hi, this is Singapore Airlines about your booking PXM4Y2…")
The 2018 British Airways breach happened in part because PNRs were treated as low-sensitivity. They're not.
The four levels of boarding pass storage (worst to best)
Level 1 — iMessage screenshots (worst)
Backed up to iCloud. Visible to anyone who unlocks your phone. Captured by any third-party app you grant photo access. Avoid.
Level 2 — Airline app
Better than screenshots, but requires connectivity to retrieve. App can fail at the worst moment. Most airline apps phone home with telemetry.
Level 3 — Apple Wallet / Google Wallet
Good for most travelers. Apple specifically encrypts wallet passes in the Secure Enclave. Works offline once added. Limitation: not all airlines push to Wallet by default (especially smaller carriers).
Level 4 — Encrypted on-device vault (best)
The boarding pass (PDF, screenshot, or photo) is stored locally on your phone, encrypted at rest with your device's secure enclave, and locked behind biometric authentication. Nothing is uploaded to a cloud. Nothing is accessible to other apps. This is how Your Travel Companion's Vault works.
Practical setup (10 minutes)
- Delete every boarding pass screenshot in your photo roll. Right now. It also clears them from iCloud Photos within 30 days.
- Add new boarding passes to Apple/Google Wallet whenever the airline offers it.
- For documents Wallet won't accept — passports, visas, insurance certificates, hotel confirmations — use an encrypted on-device vault. Your Travel Companion handles this with biometric unlock and zero cloud sync.
- Never email yourself documents containing PNRs. Email is plaintext. Use the vault.
- When you land, delete completed boarding passes — they're no longer useful and remain a security liability.
The simplest privacy upgrade most travelers can make: stop screenshotting boarding passes into iMessage. The single act removes 60% of your personal-data leak surface for the trip.
Why on-device matters more than "cloud encryption"
"End-to-end encrypted" cloud storage still requires you to trust the provider's implementation, their compliance with subpoenas, their backups, and their auth system. On-device encryption removes all of those trust requirements — the data physically never leaves your phone.
For boarding passes specifically, you also don't need cloud sync. The pass is single-use. Once the flight is over, the data is liability without utility.