Google Apps (Gmail, calendar, talk)

[Deleted User]

I have a question on security using wifi. I assume wifi on my Hero works the same as on my laptop in terms of security. For example, if I am using a public hot spot and on my laptop I go to a website that uses https, then no one should be able to sniff my traffic and record my keystrokes, data, etc.

If I am using a public hot spot on my Hero and go to a website using https, same thing as above, right? Now, my real question is the built in Google apps, like gmail, calendar, talk. Does anyone know if the data sent between my Hero and Google is encrypted?

For other 3rd party apps, like Facebook, I guess I would have to find out on an app by app basis (probably from the developer) to see how data is sent to / from the app (encrypted or not)??

Thanks.

 

[amlothi]

Login to your Gmail account from the computer. There are settings to force Gmail to use https only. You can find it under Settings > General. The android app will support this.



Other apps, like the HTC mail app on my phone, allow you to select "this server requires SSL" when setting up the account. This should force the app to use SLL each time.

 

[Deleted User]

Login to your Gmail account from the computer. There are settings to force Gmail to use https only. You can find it under Settings > General. The android app will support this.



Other apps, like the HTC mail app on my phone, allow you to select "this server requires SSL" when setting up the account. This should force the app to use SLL each time.

Thanks. I thought I had always use https set in gmail, but alas, I didn't! It is now set to always use https.

Any idea on using Google Talk / Google Calendar from my phone?

 

[amlothi]

Not sure. I can't seem to find any official document from Google on this.

I can tell you that, if I go to http://calendar.google.com, it automatically pushes to the https site.

I'm assuming it would be the same on my phone, but I haven't checked.

Perhaps someone who knows more can try capturing packets from their phone to see whether they are encrypted.

 

[m6soto]

I'm really curious about this topic too. I really want to use public wi-fi, when available. I, myself, know not to browse any non-SSL sites, if there's any private credentials involved. The thing I worry about is all of the background services on my phone, if all of them are using encrypted communications.

My concerns: Google's apps, e.g., Gmail, Calendar, sync, etc. And other apps, like Twitter's client.

Does anyone have any news on this? Regardless of how much digging I do on the web, there's no answers on this. I'm gonna look into how to sniff my own packets to see.

 

[dylo22]

I'm really curious about this topic too. I really want to use public wi-fi, when available. I, myself, know not to browse any non-SSL sites, if there's any private credentials involved. The thing I worry about is all of the background services on my phone, if all of them are using encrypted communications.

My concerns: Google's apps, e.g., Gmail, Calendar, sync, etc. And other apps, like Twitter's client.

Does anyone have any news on this? Regardless of how much digging I do on the web, there's no answers on this. I'm gonna look into how to sniff my own packets to see.

SSL offers a level of protection but it's still not 100% fool proof. In a public wifi network, you're still susceptible to man in the middle attacks. So if security is a concern, I would not do anything over public wifi that transfers private credentials, even if it is through SSL.