Filing FAA flight plans through Avare
267 views
Skip to first unread message
Andrew Sarangan
Feb 17, 2022, 11:02:57 PM2/17/22
to Apps4Av Forum
I am a bit confused how Avare is able to file a flight plan with Leidos without knowing what my Leidos password is. Can anyone just file a flight plan under someone's email without a password?
Apps4av Support
Feb 18, 2022, 6:26:15 AM2/18/22
to Andrew Sarangan, Apps4Av Forum
Hi Andrew
Yes anyone can file, open, close, cancel on your behalf without a password.
On Thu, Feb 17, 2022, 11:02 PM Andrew Sarangan <asar...@gmail.com> wrote:
I am a bit confused how Avare is able to file a flight plan with Leidos without knowing what my Leidos password is. Can anyone just file a flight plan under someone's email without a password?
--
You received this message because you are subscribed to the Google Groups "Apps4Av Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to apps4av-foru...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/apps4av-forum/CAMtwq8-tWRYfxDRqfXsU2KCAq_ToYGqQgfiw7fbSHJHn9Ntnxw%40mail.gmail.com.
Andrew Sarangan
Feb 18, 2022, 8:32:23 AM2/18/22
to Apps4av Support, Apps4Av Forum
Wow! I can't login to Leidos to file a flightplan without my password, but they are letting third party apps to file without a password? That seems like a security hole to me.
Jeffrey Ross
Feb 18, 2022, 9:04:46 AM2/18/22
to apps4a...@googlegroups.com
Amazing isn't it? You can also call them on the phone give them
somebody else's name and file under their name that way too. If you
use FltPlan Go, there is an option to file using Leidos, they too
only ask for your email address.
Not sure if you realize it but Leidos retains the phone number(s) you called from so next time you call them they pre-populate everything for you based upon your phone number profile, and phone numbers as telemarketers know all too well are easily forged.
Is it a poor design on Leidos' part? yes I think so, is it really a major deal? nah I don't think so, there is no sensitive information that you can get by filing a flight plan under somebody else's name. There is also no security on opening a flight plan, file a VFR flight plan? Depart an airport call flight service say you are N12345 and you want to activate your flight plan, who verifies it? On a VFR flight plan the plan itself is for search and rescue, the name, number, and address is where to reach out to if you don't arrive on time. IFR flight plans adds a heads up to the FAA to get a clearance ready.
I've learned that the FAA's system is very lax when it comes to accepting flight plans, for example I occasionally do flights under a compassion flight ID, the ID is CMFxxxx but I accidentally filed as CMPxxxx the first time I used it which is Copa Airlines, the FAA system happily accepted that.
Even flying into the DC 3 airports, the big difference is I have to call ATC directly on the phone and go through an identification process, although the process only works if keep certain data private and only share it with ATC, it isn't what I'd call extremely secure, although I can (and do) email them my flight plan before I call them to have it filed, saves some work.
Jeff
Not sure if you realize it but Leidos retains the phone number(s) you called from so next time you call them they pre-populate everything for you based upon your phone number profile, and phone numbers as telemarketers know all too well are easily forged.
Is it a poor design on Leidos' part? yes I think so, is it really a major deal? nah I don't think so, there is no sensitive information that you can get by filing a flight plan under somebody else's name. There is also no security on opening a flight plan, file a VFR flight plan? Depart an airport call flight service say you are N12345 and you want to activate your flight plan, who verifies it? On a VFR flight plan the plan itself is for search and rescue, the name, number, and address is where to reach out to if you don't arrive on time. IFR flight plans adds a heads up to the FAA to get a clearance ready.
I've learned that the FAA's system is very lax when it comes to accepting flight plans, for example I occasionally do flights under a compassion flight ID, the ID is CMFxxxx but I accidentally filed as CMPxxxx the first time I used it which is Copa Airlines, the FAA system happily accepted that.
Even flying into the DC 3 airports, the big difference is I have to call ATC directly on the phone and go through an identification process, although the process only works if keep certain data private and only share it with ATC, it isn't what I'd call extremely secure, although I can (and do) email them my flight plan before I call them to have it filed, saves some work.
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/apps4av-forum/CAMtwq8-S0_cdZ-9q_6dYTmVSxFEV2pQxpes3F9w0qU16obgJNQ%40mail.gmail.com.
Jeffrey Ross
Feb 18, 2022, 9:09:34 AM2/18/22
to apps4a...@googlegroups.com
One difference I can see with the Leidos web site and why it does
require a password is you have inputted PII (Personal Identifiable
Information) on their website, and by logging into the website you
have access to that. Filing a flight plan via a 3rd party app or on
the phone with Leidos does not give you access to any of that PII.
Jeff
Jeff
To view this discussion on the web visit https://groups.google.com/d/msgid/apps4av-forum/a046a565-f656-7dcb-c2c1-5ebe08b0a63c%40bubble.org.
Andrew Sarangan
Feb 18, 2022, 6:20:46 PM2/18/22
to Jeffrey Ross, Apps4Av Forum
Yes you are correct.
I did some more poking around. When you download a flight plan from Leidos to Avare (for viewing or amending), the pilot name and phone number shows as "PII RESTRICTED". But you can upload from Avare to Leidos the pilot name and phone number. So at least that part makes sense.
To view this discussion on the web visit https://groups.google.com/d/msgid/apps4av-forum/4a83d5c8-4c5a-f9d9-4b84-9ea5d07336d2%40bubble.org.
Reply all
Reply to author
Forward
0 new messages