More Wi-Fi In Smartphones = A Security Risk

Andrew Garcia eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

Wi-Fi has become an essential feature of smartphones, and more apps are using it. But they may not be secure, warns Andrew Garcia

But is all this actually secure?

It’s a lot to go through to cover up for AT&T’s less-than-stellar coverage, and, yes, I will likely try out another carrier once my service contract expires.
But as my Wi-Fi usage continues to grow and encompass a much wider array of applications, I’m starting to have some concerns about the security of these applications, particularly over Wi-Fi.

I’ve been travelling a lot lately, connecting to a wide assortment of open hot spot networks in hotels and conference centres that are not encrypted at the network level, and I have found myself intensely curious about whether my data is secure. Unencrypted Wi-Fi is just too easy to capture and decode, and many applications are now chatting on the network, but I don’t have a good sense of their over-the-air hygiene.

When using Web applications via a browser, I can see the HTTPS:// or the little padlock icon and think, OK, I’m encrypted. But with third-party applications, I generally don’t see obvious signs that I shouldn’t be worried. When I fire up those communication applications—including Facebook, Fring and the Amazon shopping application—will my authentication details or credit card info be secure?

Possibly, I am fretting about nothing. I haven’t combed through the terms of service or privacy policies of every application on my phone. But during casual use of applications, I can definitively say that only the Amazon app says it is using SSL. It makes me want to sniff my own traffic, just to see what’s what.

I do wish someone would take the lead on this issue, making it clear in third-party applications what security measures are or are not present as data traverses the network—particularly unencrypted networks.

I tried to encourage the Wi-Fi Alliance to take the lead on this, to apply pressure on device vendors or application store maintainers to make it clear when data is protected by an application. But, honestly, I know it isn’t the right party to make that happen.

Instead, the call needs to go out to Apple, RIM, Nokia and Microsoft: Make sure your developers have guidelines in place requiring application-level security of personal and financial information, as well as a clear-cut way for that security to be presented to the user.