Go Back   Android Forums > Android Discussion > Android Applications
Android Applications All the information you could ever want about Android Applications. Learn about apps and get help with them... all here! New apps can be found and announced in the Applications Announcements forum linked below.

Get excited for the Samsung Galaxy S5! Find everything you need and discuss it in our Galaxy S5 Forum!

test: Reply
 
LinkBack Thread Tools
Old December 4th, 2010, 08:13 PM   #1 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Nov 2009
Location: Baton Rouge, LA
Gender: Male
Posts: 986
 
Device(s): Nexus 5
Carrier: T-Mobile

Thanks: 68
Thanked 116 Times in 100 Posts
Default Google Apps (Gmail, calendar, talk) and wifi

I have a question on security using wifi. I assume wifi on my Hero works the same as on my laptop in terms of security. For example, if I am using a public hot spot and on my laptop I go to a website that uses https, then no one should be able to sniff my traffic and record my keystrokes, data, etc.

If I am using a public hot spot on my Hero and go to a website using https, same thing as above, right? Now, my real question is the built in Google apps, like gmail, calendar, talk. Does anyone know if the data sent between my Hero and Google is encrypted?

For other 3rd party apps, like Facebook, I guess I would have to find out on an app by app basis (probably from the developer) to see how data is sent to / from the app (encrypted or not)??

Thanks.

regression is offline  
Last edited by regression; December 4th, 2010 at 08:47 PM.
Reply With Quote
sponsored links
Old December 4th, 2010, 09:11 PM   #2 (permalink)
Senior Member
 
amlothi's Avatar
 
Join Date: Jul 2010
Posts: 1,186
 
Device(s):
Carrier: Not Provided

Thanks: 35
Thanked 202 Times in 155 Posts
Default

Login to your Gmail account from the computer. There are settings to force Gmail to use https only. You can find it under Settings > General. The android app will support this.



Other apps, like the HTC mail app on my phone, allow you to select "this server requires SSL" when setting up the account. This should force the app to use SLL each time.
amlothi is offline  
Reply With Quote
Old December 4th, 2010, 09:14 PM   #3 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Nov 2009
Location: Baton Rouge, LA
Gender: Male
Posts: 986
 
Device(s): Nexus 5
Carrier: T-Mobile

Thanks: 68
Thanked 116 Times in 100 Posts
Default

Quote:
Originally Posted by amlothi View Post
Login to your Gmail account from the computer. There are settings to force Gmail to use https only. You can find it under Settings > General. The android app will support this.



Other apps, like the HTC mail app on my phone, allow you to select "this server requires SSL" when setting up the account. This should force the app to use SLL each time.
Thanks. I thought I had always use https set in gmail, but alas, I didn't! It is now set to always use https.

Any idea on using Google Talk / Google Calendar from my phone?
regression is offline  
Reply With Quote
Old December 5th, 2010, 02:10 AM   #4 (permalink)
Senior Member
 
amlothi's Avatar
 
Join Date: Jul 2010
Posts: 1,186
 
Device(s):
Carrier: Not Provided

Thanks: 35
Thanked 202 Times in 155 Posts
Default

Not sure. I can't seem to find any official document from Google on this.

I can tell you that, if I go to http://calendar.google.com, it automatically pushes to the https site.

I'm assuming it would be the same on my phone, but I haven't checked.

Perhaps someone who knows more can try capturing packets from their phone to see whether they are encrypted.
amlothi is offline  
Reply With Quote
Old February 3rd, 2011, 07:21 PM   #5 (permalink)
New Member
 
Join Date: Feb 2011
Posts: 1
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm really curious about this topic too. I really want to use public wi-fi, when available. I, myself, know not to browse any non-SSL sites, if there's any private credentials involved. The thing I worry about is all of the background services on my phone, if all of them are using encrypted communications.

My concerns: Google's apps, e.g., Gmail, Calendar, sync, etc. And other apps, like Twitter's client.

Does anyone have any news on this? Regardless of how much digging I do on the web, there's no answers on this. I'm gonna look into how to sniff my own packets to see.
m6soto is offline  
Reply With Quote
Old February 3rd, 2011, 08:47 PM   #6 (permalink)
Senior Member
 
Join Date: Apr 2010
Posts: 743
 
Device(s):
Carrier: Not Provided

Thanks: 107
Thanked 120 Times in 100 Posts
Default

Quote:
Originally Posted by m6soto View Post
I'm really curious about this topic too. I really want to use public wi-fi, when available. I, myself, know not to browse any non-SSL sites, if there's any private credentials involved. The thing I worry about is all of the background services on my phone, if all of them are using encrypted communications.

My concerns: Google's apps, e.g., Gmail, Calendar, sync, etc. And other apps, like Twitter's client.

Does anyone have any news on this? Regardless of how much digging I do on the web, there's no answers on this. I'm gonna look into how to sniff my own packets to see.
SSL offers a level of protection but it's still not 100% fool proof. In a public wifi network, you're still susceptible to man in the middle attacks. So if security is a concern, I would not do anything over public wifi that transfers private credentials, even if it is through SSL.
dylo22 is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Discussion > Android Applications
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 12:18 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.