Privacy Protection for Handheld App Webpage Access?
Prof. Jonathan Ezor, Touro Law Center asks: "Is anyone using a third-party application on a Treo, Blackberry or other handheld to access login-protected Internet resources such as eBay, satellite radio services, and the like? (I'm thinking of programs like Abidia or MiniXM.) If so, have you thought at all about who might be running those services, and who is getting access to your login information via the service in addition to the site you want to access? If this does concern you, what have you done about it?"
Not only handhelds (Score:4, Informative)
The problem is not really the software, but rather the web services. It would make more sense for the web services to give out disposable access tokens than to require users to give their account information to untrusted programs. Yahoo! [yahoo.com] is sort of using this approach with their developer IDs. If they added the ability to remove existing IDs, you'd have a fairly secure system to authenticate to web services via third-party programs, which wouldn't require that much additional effort or infrastructure.
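The scheme this comment proposes, sketched from the service's side as an added example (not part of the original post and not Yahoo!'s actual API): each third-party program gets its own token, and removing one leaves the password and the other programs untouched. The class, account and application names are hypothetical.

```python
import hashlib
import secrets


class TokenRegistry:
    """Server-side store of per-application tokens (hypothetical design)."""

    def __init__(self):
        # sha256(token) -> (account, app label); raw tokens are never stored
        self._tokens = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account, app_label):
        """Create a token for one third-party app; shown to the user once."""
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (account, app_label)
        return token

    def authenticate(self, token):
        """Return the account a token acts for, or None if unknown or revoked."""
        entry = self._tokens.get(self._digest(token))
        return entry[0] if entry else None

    def list_apps(self, account):
        """Let the user see which programs currently hold a token."""
        return sorted(label for acct, label in self._tokens.values()
                      if acct == account)

    def revoke(self, account, app_label):
        """Remove every token the account issued to the named app."""
        doomed = [d for d, (acct, label) in self._tokens.items()
                  if acct == account and label == app_label]
        for d in doomed:
            del self._tokens[d]
        return len(doomed)


def demo():
    reg = TokenRegistry()
    phone = reg.issue("alice", "handheld-client")    # constructed names
    desktop = reg.issue("alice", "desktop-widget")
    before = reg.authenticate(phone)
    reg.revoke("alice", "handheld-client")           # user stops trusting one app
    return (before, reg.authenticate(phone),
            reg.authenticate(desktop), reg.list_apps("alice"))
```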
Comment removed (Score:4, Informative)
Answers the questions, in full. (Score:1, Informative)
Ask, and then evaluate (Score:4, Informative)
The same due diligence is required for mobile apps as for desktop apps that act as service "proxies". One would assume the mobile apps in question just store your credentials locally on the device, and only send them to the online service for authentication when required (via http(s)... sometimes via webservice, sometimes with straight-up post and get requests). Also, back-to-base communication in such apps tends to be common... looking for new versions, etc... which looks like where your concerns may lie - what, if anything, is being sent back to this middle-man company? (I assume that's what we're talking about, and not a designed-for-mobile-website that works in a similar way.)
With desktop apps that do this sort of stuff, you tend to have the benefit of a reasonably large community that will pounce on any dodgy behaviour present in the apps. There are usually always savvy users using all sorts of utilities that can expose dodgy behaviour. You may not have this kind of luxury with mobile apps at the moment.
But common sense should help a lot. Asking really helps, too.
For commercial apps, I would just contact the company directly and ask what, if anything, gets sent back-to-base or if the app has any phone-home behaviour at all. If you don't trust the vendor all that much, but are unable to choose an alternative application for whatever reason, then you could always evaluate the app in an emulator on a desktop PC and check whether it's just contacting the service (eBay or whatever), or if it's also trying to contact the vendor.
Open source mobile apps make the source-code available as well (obviously... sorry for the redundancy). If you're not into trawling through the source (or if it's using a platform/framework/language/etc that you're not too familiar with) then it should be fairly easy to contact the development team directly and ask them the simple "does it phone-home?" question.
So, I'd ask first, and then verify the expected behaviour by running it in an emulator, and logging its network requests. If there's a mobile firewall product (a ZoneAlarm equivalent... others will have their favourites) that can prompt on connection requests, that'd be neat - you could deny the unexpected ones.
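One way to carry out the verification step described in this comment, as an added example that is not part of the original post: log in through the emulator with a throwaway canary password, then search the logged requests for that password going anywhere other than the service itself. The host names, the (host, payload) log format and the canary value are constructed for illustration.

```python
import base64
from urllib.parse import quote, quote_plus


def encodings(secret):
    """Common ways a credential may appear on the wire, in match order."""
    raw = secret.encode()
    return {
        "plain": secret,
        "url": quote(secret, safe=""),
        "form": quote_plus(secret),
        # Matches only a separately encoded secret, not one embedded in a
        # longer encoded string such as "user:password".
        "base64": base64.b64encode(raw).decode(),
        "hex": raw.hex(),
    }


def find_leaks(requests, canary, expected_hosts):
    """Return (host, encoding) for each request that carries the canary
    credential to a host outside the expected service hosts."""
    needles = encodings(canary)
    findings = []
    for host, payload in requests:
        if host.lower() in expected_hosts:
            continue  # the service itself is supposed to see the password
        for name, needle in needles.items():
            if needle in payload:
                findings.append((host, name))
                break
    return findings


# Constructed sample of requests logged during one emulator session.
CANARY = "Zx9!canary pw"
EXPECTED = {"signin.service.example"}
CAPTURE = [
    ("signin.service.example", "user=alice&pass=Zx9%21canary+pw"),
    ("updates.vendor.example", "GET /version?current=1.2"),
    ("stats.vendor.example",
     "id=alice&p=" + base64.b64encode(CANARY.encode()).decode()),
    ("relay.vendor.example", "pass=Zx9%21canary+pw"),
]

if __name__ == "__main__":
    for host, how in find_leaks(CAPTURE, CANARY, EXPECTED):
        print(f"canary credential sent to {host} ({how} encoding)")
```

Traffic inside TLS is only visible to this check if the emulator setup logs requests before encryption, and a clean result covers only the encodings listed.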
Opera Mini (Score:4, Informative)
Opera Mini works through a proxy which will crunch down web pages to make them more palatable for a mobile device, however you now have a proxy which has full access to every page you navigate and will store all of your passwords.
This is all clearly noted in the EULA but if, as most people will, you just accept without thinking you may not be aware of this. I had a brief trawl of the Opera website looking to see if I could find the EULA to post an example but could not find the text of this agreement. This worries me as the only time I have found you can view this agreement is on the handset the first time you connect to the service (yes, Opera now have details of your handset before you agree to the EULA).
Opera makes all the right noises about privacy and to be honest this browser is just too good not to use but there is no way in hell I'd use it for anything that requires an iota of security.
Re:Opera Mini (Score:2)
Re:Opera Mini (Score:2)
One more thing, where can I download this modern marvel for Symbian?
Re:Opera Mini (Score:2)
This isn't a mini version, but a full blown one that renders locally. It shows how inadequate my phone is (16MB RAM, 146MHz CPU) for browsing the web - anything more than a few anigifs, javascripts, or full sized images and the phone slows to a crawl. Toss in Java applets and you've got a battery sucker as the CPU gets pegged at 100%.
(That sai
Re:Opera Mini (Score:1)
That's all well and good if you have a device capable of running in this way but this article is about proxy services and if you trust the company running the service with your private data.
Opera provides a service (an excellent service IMO) unfortunately in order to make this service wor
Thanks, all (Score:2)