But as my Wi-Fi usage continues to grow and encompass a much wider array of applications, I'm starting to have some concerns about the security of these applications, particularly over Wi-Fi.
I've been traveling a lot lately, connecting to a wide assortment of open hot spot networks in hotels and conference centers that are not encrypted at the network level, and I have found myself intensely curious about whether my data is secure. Unencrypted Wi-Fi is just too easy to capture and decode, and many applications are now chatting on the network, but I don't have a good sense of their over-the-air hygiene.
When using Web applications via a browser, I can see the HTTPS:// or the little padlock icon and think, OK, I'm encrypted. But with third-party applications, I generally don't see obvious signs that I shouldn't be worried. When I fire up those communication applications-including Facebook, Fring and the Amazon shopping application-will my authentication details or credit card info be secure?
Possibly, I am fretting about nothing. I haven't combed through the terms of service or privacy policies of every application on my phone. But during casual use of applications, I can definitively say that only the Amazon app says it is using SSL. It makes me want to sniff my own traffic, just to see what's what.
I do wish someone would take the lead on this issue, making it clear in third-party applications what security measures are or are not present as data traverses the network-particularly unencrypted networks. I tried to encourage the Wi-Fi Alliance to take the lead on this, to apply pressure on device vendors or application store maintainers to make it clear when data is protected by an application. But, honestly, I know it isn't the right party to make that happen.
Instead, the call needs to go out to Apple, RIM, Nokia and Microsoft: Make sure your developers have guidelines in place requiring application-level security of personal and financial information, as well as a clear-cut way for that security to be presented to the user.
Senior Analyst Andrew Garcia can be reached at firstname.lastname@example.org.