Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Batman

Mad Scientist
29760 posts

Uber Geek

Trusted
Lifetime subscriber

#210463 28-Mar-2017 15:03
Send private message

Sorry didn't know where to post this.

 

Is there such thing as https is safe in unsecured wifi transmission?

 

And do apps use https?


Create new topic
JonnyCam
643 posts

Ultimate Geek

ID Verified

  #1749482 28-Mar-2017 15:28
Send private message

I'd say most (good) apps will use https along with certificate pinning, possibly along with an API key for talking back to their servers. Hard to tell if Uber is using https, but they certainly would on the page where they take credit card details  (and presumably store a token for re-billing)

 

 

 

On Android I'm sure you can get some type of sniffer or traffic analyzer to ensure that the traffic from an individual app is going out via https. 

 

I;m not saying Uber is safe, but it's a reputable company who have probably had many penetration tests.

 

 

 

 




timmmay
20574 posts

Uber Geek

Trusted
Lifetime subscriber

  #1749516 28-Mar-2017 15:50
Send private message

https would typically be considered safe over unencrypted wifi. I think it's reasonable to assume Uber secure at least the important parts of their app with https communications.

 

I wonder about man in the middle type attacks. If someone controls DNS they could point you at any server, but the certificate wouldn't match the URL, so if the Uber app is doing encryption properly it shouldn't establish the connection.

 

All in all, you'll probably be ok. However, I'd probably use mobile data if you have it, the data volume will be trivially small.


marpada
475 posts

Ultimate Geek


  #1749707 28-Mar-2017 19:52
Send private message

Is the internet safe on free unsecured wifi? Even for apps using https to keep credentials safe, you will be still leaking private data like location, urls you visits, apps you use,.... The risk doesn't worth the few dollars a VPN costs IMO.




geocom
594 posts

Ultimate Geek

Subscriber

  #1749754 28-Mar-2017 20:52
Send private message

Applications can do ssl encryption(https) there are built in libraries on both android and iOS and i'm sure windows would be the same although i have no exact experience with windows phone.

 

HTTPS encrypts everything after the domain name so while anyone snooping in could tell what app or site your visiting by the domain name they will get nothing else.

 

As to the main question is the app using encryption its hard to tell without using wireshark to see the data. However I would be very surprised if uber would use HTTP when they have a perfectly valid ssl certificate. There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.





Geoff E


timmmay
20574 posts

Uber Geek

Trusted
Lifetime subscriber

  #1749777 28-Mar-2017 21:08
Send private message

geocom:

 

There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.

 

 

Encryption requires additional computation. It's often offloaded to dedicated hardware if you have significant scale. So there is a reason not to encrypt, but it's not a great reason.


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.