Menu
Free tool reveals mobile apps sending unencrypted data

Free tool reveals mobile apps sending unencrypted data

Datapp is designed for less technical users to see what data isn't protected

Datapp collects unencrypted data traffic and shows what is being transmitted, such as a message or a photograph.

Datapp collects unencrypted data traffic and shows what is being transmitted, such as a message or a photograph.

A surprising amount of mobile data still crosses the Internet unencrypted, and a new free app is designed to show users what isn't protected.

The program, called Datapp, comes from the University of New Haven's Cyber Forensics Research and Education Group (UNHcFREG), which last year showed popular Android applications such as Instagram, Grindr and OkCupid failed to safely store or transmit data.

The reaction to that study prompted the group to create an application where people could test for themselves which applications don't encrypt data and exactly what is exposed, said Ibrahim Baggili, UNHcFREG's director.

There are many security tools that can collect wireless data traffic, but they're usually designed for people with some technical background. Datapp is essentially a traffic "sniffer," along the lines of network traffic analysis tool Wireshark, but much simpler.

"Think of it as Wireshark with an access point for dummies," Baggili said.

Datapp is so far only compatible with computers running Windows 7 or 8. It turns a computer into a wireless access point with which any type of mobile phone can connect.

It can then display unencrypted traffic and reconstruct, for example, messages or images that are sent. For example, Facebook doesn't encrypt content sent using its Messenger, so Baggili said a user could see a selfie he or she sent using the service.

Datapp also logs whether a connection is just http or https, the signifier that a connection is encrypted. It also shows on a map of the world the start and end points of the device's communications.

Apps that don't use encryption are vulnerable to snooping. For example, data sent over a Wi-Fi hotspot could be collected by someone nearby. Groups including the Electronic Frontier Foundation and companies such as Google have made a large public push to encourage developers to use encryption to prevent everything from spying to cybercrime.

The move to https has been slower for some companies that run large infrastructures, as it can require significant development work.

Baggili said UNHcFREG developed the app without any outside funding and is accepting donations to add more features to it. Its lead developer is Roberto Mejia of Brooklyn, New York, who is a master's candidate in computer science. It can be downloaded here.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags securityUniversity of New Haven Cyber Forensics Research and Education Group

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments