Sorry didn't know where to post this.
Is there such thing as https is safe in unsecured wifi transmission?
And do apps use https?
![]() ![]() |
I'd say most (good) apps will use https along with certificate pinning, possibly along with an API key for talking back to their servers. Hard to tell if Uber is using https, but they certainly would on the page where they take credit card details (and presumably store a token for re-billing)
On Android I'm sure you can get some type of sniffer or traffic analyzer to ensure that the traffic from an individual app is going out via https.
I;m not saying Uber is safe, but it's a reputable company who have probably had many penetration tests.
https would typically be considered safe over unencrypted wifi. I think it's reasonable to assume Uber secure at least the important parts of their app with https communications.
I wonder about man in the middle type attacks. If someone controls DNS they could point you at any server, but the certificate wouldn't match the URL, so if the Uber app is doing encryption properly it shouldn't establish the connection.
All in all, you'll probably be ok. However, I'd probably use mobile data if you have it, the data volume will be trivially small.
Is the internet safe on free unsecured wifi? Even for apps using https to keep credentials safe, you will be still leaking private data like location, urls you visits, apps you use,.... The risk doesn't worth the few dollars a VPN costs IMO.
Applications can do ssl encryption(https) there are built in libraries on both android and iOS and i'm sure windows would be the same although i have no exact experience with windows phone.
HTTPS encrypts everything after the domain name so while anyone snooping in could tell what app or site your visiting by the domain name they will get nothing else.
As to the main question is the app using encryption its hard to tell without using wireshark to see the data. However I would be very surprised if uber would use HTTP when they have a perfectly valid ssl certificate. There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.
Geoff E
geocom:
There is no reason not to encrypt and if they were not doing so someone would have said something publicly by now.
Encryption requires additional computation. It's often offloaded to dedicated hardware if you have significant scale. So there is a reason not to encrypt, but it's not a great reason.
![]() ![]() |