
Is it safe to use a mobile banking app over an open Wi-Fi connection?

Hi Leo. I read your bank app article from last August of 2012 but what I’m still wondering is if I’m ok or safe to use my Bank of the West iPad, iPhone app at a McDonald’s or motel’s Wi-Fi and how do I know if my app is using https or not? I should note that our devices are Wi-Fi only – no data and the Bank of the West, my example, has always seemed very security conscious. Thanks.

Well, to answer the question in the middle of this, “How do you know whether your app is using https or not?”

The bad news is you don’t.

And there’s no way to tell which technique a mobile app on an iPad, an iPhone, or an Android device may be using, or to confirm that it’s using secure connections.


A while back, I was concerned with this very issue with my Google mail app which I use extensively on my portable devices.

I actually set up a scenario where I had a packet sniffer on a different computer so that I could actually watch the low-level packets go by – and I was able to confirm that the Google mail app on my Android phone (at the time) was using a secure connection to transmit data to and from my device.

I did not confirm for every possible application. It’s just not feasible to do that, but I at least wanted to make sure that that one was doing it right.

By now, most banks should know to use https or an equivalent secured encrypted connection, be it in a web browser or an application.

The key words being most “should.”

Does yours? I don’t know.

If they tell you that they do, can you confirm it? Not really.

So, in my case, I elect to trust my bank and assume that they are indeed using a secure connection on the application. For the bank, the negative repercussions of being found out if they weren’t using a secure connection would be significantly bad PR.

So I have to assume that they are at least scared enough of the public relations issue that they’re at least attempting to do the right thing. But is there a way for you and me to tell? Nope.

7 comments on “Is it safe to use a mobile banking app over an open Wi-Fi connection?”

  1. I suggest using an encrypted VPN if you are worried about security. They encrypt all the traffic, regardless of the application.

  2. Even if a tablet/smartphone app is using SSL that does not mean it is being used correctly. Lots can go wrong and a couple studies have shown that it does go wrong. App developers make some brutal mistakes.

    A VPN is a good idea but not perfect. While it should protect you from snoops in your immediate vicinity, the VPNs available to consumers do not offer end to end encryption. I have tried using a VPN on both Android 2.3 and 4 and it’s a big pain. I ran into assorted coding errors by Google that my VPN provider had to work around. And on Android 2.3 it required entering two passwords to make a connection.

    In contrast VPNs on iOS worked great for me.

  3. I agree with Leo – just use the bank’s app and don’t worry. If something does go wrong and you lose money, the bank has to repay you anyway, so it’s their risk, not yours.

  4. True, Daniel, but how much time does it take the bank to sort out whether it’s their problem or your problem and then reimburse you. Can you afford to be out of money for that period of time?

    An ounce of prevention is better than a pound of cure.

  5. Greetings, I have a question. If you have Google Chrome on your mobile phone and, for example, the 9gag app, do the 9gag links you browsed appear in Google Chrome history? Are Google Chrome and the 9gag app connected?
