How Secure are Connections over WiFi thru Apps

Discussion in 'iOS 5 and earlier' started by nycfonephreak, May 1, 2012.

  1. nycfonephreak macrumors newbie

    Joined:
    Aug 8, 2011
    #1
    Is there any security risk in using the built-in mail app to connect to my Gmail account from my iPhone or iPad over a public WiFi network (like in a hotel)

    What about photo editing apps like apps Snapseed and iWatermark, Instagram, which connect to my email, twitter, facebook, flickr accounts to email or post photos?

    And, in general - apps like the official Flickr account, TweetBot, etc.?

    How can I be sure that when these apps log into my accounts they are not sending my login credentials unencrypted?

    In most cases I rely on connecting through 3G and I'm safe there. But, especially with photos or in weak signal areas, I sometimes need to use whatever public WiFi network I can find.
     
  2. Kyotoma macrumors 68000

    Kyotoma

    Joined:
    Nov 11, 2010
    Location:
    Carnegie and Ontario
    #2
    There is the same amount of risk as there would be if you used a regular PC to log into those sites using the same WiFi. Always use a proxy, a VPN or some other kind of secure connection if you plan on accessing personal or sensitive data over that network.

    An easy way to do this is to use an HTTPS proxy server like Proxify.com when you set up the WiFi network in settings.
     
  3. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #3
    For mail, if you've set it to use SSL for communications with the mail servers, your credentials are encrypted.

    Apps that send through mail would of course use the mail settings. Otherwise for Apps, you would have to check with each App maker.
     
  4. anyjungleinguy macrumors regular

    Joined:
    Mar 6, 2012
    #4
    Route everything through a VPN when on public Wi-Fi.
     
  5. nycfonephreak, May 1, 2012
    Last edited: May 1, 2012

    nycfonephreak thread starter macrumors newbie

    Joined:
    Aug 8, 2011
    #5
    Is it possible to route my iPhone or iPad thru a VPN? If so, how?

    I know about the dangers of using public wifi networks and would never use my laptop (which, BTW is Windows - I know this is a Mac-based forum) on a public wifi network to access secure sites.

    However, I'm asking specifically about accessing from iPhone and iPad - and more specifically, thru Apps on those devices. Someone responded about setting my mail server (Gmail) to require SSL and that's good to know. As it turns out Gmail sets this ON by default.

    But, I'm wondering how I can verify that apps are establishing secure connections. It's easy to verify in a browser by checking the URL - but, I'm looking for a way to verify within apps.
     
  6. Xgm541 macrumors 65816

    Joined:
    May 3, 2011
    #6
    Why go out of your way to either set up your own or pay for a VPN? If you do not trust public wifi, stick to your data connection. Mail, twitter, and the likes dont use obscene amounts of data anyway.

    Unless you are a government official where privacy is always of concern, you have no reason to worry.
     
  7. Menel macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    #7
    You don't have to 'pay' for a VPN so to speak. DDWRT has an embedded VPN server that works find with my iPhone when hotspot hopping.

    Then configure auto DDNS so you always have a reliable path home.
     
  8. Daveoc64 macrumors 601

    Joined:
    Jan 16, 2008
    Location:
    Bristol, UK
    #8
    What are those dangers? Why do they apply to a computer and not to a smartphone?

    If anything, a computer is far more flexible in both how you can examine and control security.

    The reality is that if you're sending unencrypted data over a network, it's going to be quite easy to intercept it no matter what device you're using.

    Of course, there's still two questions raised by that:

    1) Is anyone listening?
    2) Is what they're listening to important?
     
  9. Xgm541 macrumors 65816

    Joined:
    May 3, 2011
    #9
    This is true but you are limited to your ISP upload speed, which in many cases is low. On top of that it is my understanding that most home internet providers do not allow any "server" type hosting and VPN would likely qualify as being a "server" type of application.
     
  10. Menel macrumors 603

    Menel

    Joined:
    Aug 4, 2011
    #10
    1. Bandwidth is situational. 20/6 comcast is standard in this area.

    2. Bandwidth for a mobile device is so low, will fly under ISP radar, and its personal use.
     
  11. anyjungleinguy macrumors regular

    Joined:
    Mar 6, 2012
    #11
    Quite easily. Just purchase a VPN from any provider. iOS accepts VPN connections through either PPTP or L2TP.

    There's no way for you to verify that the apps you have connect securely without first connecting to your own Wi-Fi network and analysing the packets on the network. Then you can see exactly what the app is sending and if it is encrypted.

    Look at WhatsApp. Any messages sent through WhatsApp are unencrypted. Anyone monitoring a Wi-Fi network in this case can fully log your conversation. There's even been a recent Android app released specifically for that purpose. With a VPN, they wouldn't be able to see anything.

    What about in cases where a data connection can't be established?

    There are a multitude of issues to worry about regarding privacy. Lots of people are worried about the security of their information, sensitive or not. The notion of not needing to care about your own privacy unless your government official is ridiculous. I guess you're one of the "if you're not doing anything wrong, there's nothing to worry about" crowd.
     
  12. CyBeRino macrumors 6502a

    Joined:
    Jun 18, 2011
    #12
    Accessing secure sites (I assume you mean https with this) is actually not secure even in public networks. That is: so long as you allow the regular security mechanisms to do their work, and you don't override them by saying things like, 'sure, accept this certificate that has absolutely no match to what I should be looking at'. The point of SSL and TLS is exactly this: to allow you to securely communicate with a server even if someone is listening to everything your computer does on the network.

    The only way to be sure is to sniff the traffic yourself and see what happens.
     
  13. pblakk macrumors member

    Joined:
    Apr 8, 2012

Share This Page