Security Concerns

By Andrew Garcia  |  Posted 2009-04-02 Print this article Print


But as my Wi-Fi usage continues to grow and encompass a much wider array of applications, I'm starting to have some concerns about the security of these applications, particularly over Wi-Fi. 

I've been traveling a lot lately, connecting to a wide assortment of open hot spot networks in hotels and conference centers that are not encrypted at the network level, and I have found myself intensely curious about whether my data is secure. Unencrypted Wi-Fi is just too easy to capture and decode, and many applications are now chatting on the network, but I don't have a good sense of their over-the-air hygiene.

When using Web applications via a browser, I can see the HTTPS:// or the little padlock icon and think, OK, I'm encrypted. But with third-party applications, I generally don't see obvious signs that I shouldn't be worried. When I fire up those communication applications-including Facebook, Fring and the Amazon shopping application-will my authentication details or credit card info be secure?

Possibly, I am fretting about nothing.  I haven't combed through the terms of service or privacy policies of every application on my phone. But during casual use of applications, I can definitively say that only the Amazon app says it is using SSL. It makes me want to sniff my own traffic, just to see what's what.

I do wish someone would take the lead on this issue, making it clear in third-party applications what security measures are or are not present as data traverses the network-particularly unencrypted networks. I tried to encourage the Wi-Fi Alliance to take the lead on this, to apply pressure on device vendors or application store maintainers to make it clear when data is protected by an application. But, honestly, I know it isn't the right party to make that happen.

Instead, the call needs to go out to Apple, RIM, Nokia and Microsoft: Make sure your developers have guidelines in place requiring application-level security of personal and financial information, as well as a clear-cut way for that security to be presented to the user.

Senior Analyst Andrew Garcia can be reached at


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel