Aircraft Communications Addressing and Reporting System (ACARS) has been widely used in aviation datalink. However, for lack of security designs, ACARS faces increasing security threats such as eavesdropping and message injection. Although several security solutions has been proposed on aviation surveillance message, such as Automatic Dependent Surveillance-Broadcast, those on ACARS have received far less attention. To further improve the session security and privacy of civil aviation users, we put forwards a compatible protocol for ACARS datalink to protect message security as well as aircraft identity privacy. The proposed solution provides communication confidentiality, and supports data integrity and user identity verification. Meanwhile, by replacing the aircraft’s identity transmitted in plaintext with a variable anonymity, the privacy of an aircraft is protected from the disclosure of aircraft identity. Moreover, our protocol is compatible with current ACARS standards, making the proposed solution easy-to-deploy and practical. Formal analysis and simulations are carried out to make sure the security of proposed protocol.