Is Android’s Security Good Enough?

More and more of us are moving into the cloud, as it is often a convenient and cost-effective solution for small businesses. Plus, with the growing popularity of smartphones, the number of people using apps for business (and personal use) is growing.

But how secure is our data when using apps?

That has been an issue for a while now. Apple have stringent controls over what apps make it to their store, so the issue of security isn’t, well, an issue. But when it comes to Android, it’s an entirely different story because there are no pre-publication clearance controls.

Last year, PC Pro ran an article about Android security (or rather the lack of it) and mentioned an experiment run by Dan Wallach, an associate professor in the Department of Computer Science at Rice University, Houston. With his permission, his undergraduate security class listened in on the traffic to and from his Android smartphone.

Using Wireshark and Mallory, they quickly discovered that “Google wasn’t encrypting traffic heading for Google Calendar (using the default Google Calendar app that came with the phone)”, although the article does go on to mention that Google is “planning on introducing encrypted traffic to Google Calendar on Android as part of an unspecified maintenance release in the future.”

Not only that, but “…while the professor had a Facebook account configured to specify fully encrypted traffic, the Android Facebook app ignored that and sent everything in the clear…especially…Facebook isn’t doing anything like OAuth signatures, so it may be possible to inject bogus posts as well…[plus] one of the requests that the class saw heading to the Facebook server was carrying a SQL statement, which doesn’t bode well.”

It would therefore appear that Android apps, even authorised ones, may not offer you the type of protection you would expect to receive.

