[dpifke]

Looking at the privacy policy[0], the app does send some information to backend servers, specifically "flight related information." If the employees' "flight related information" is not publicly available, I can see AA having a legitimate issue with it.

But the scraping does appear to happen on-device, and it claims the password is not transmitted, so that's better than I initially thought.

[0] https://www.iubenda.com/privacy-policy/40331177

[dkonofalski]

That would make sense for that context, though, since they're likely providing additional info regarding flight information and, according to the policy, only for flights that are saved to the user's account. That would imply that things like flight numbers are stored in the user's account which makes complete sense and wouldn't necessarily be anything other than public information.