Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is it safe to use a mobile banking app over an open Wi-Fi connection?

Question: Hi Leo. I read your bank app article from last August of 2012 but what I’m still wondering is if I’m ok or safe to use my Bank of the West iPad, iPhone app at a McDonald’s or motel’s Wi-Fi and how do I know if my app is using https or not? I should note that our devices are Wi-Fi only – no data and the Bank of the West, my example, has always seemed very security conscience. Thanks.

Well, to answer the question in the middle of this, “How do you know whether your app is using https or not?”

The bad news is you don’t.

And there’s no way to tell which technique a mobile app on an iPad or an iPhone, or on an Android device may use to confirm that it’s using secure connections.

Become a Patron of Ask Leo! and go ad-free!

A while back, I was concerned with this very issue with my Google mail app which I use extensively on my portable devices.

I actually set up a scenario where I had a packet sniffer on a different computer so that I could actually watch the low-level packets go by – and I was able to confirm that the Google mail app on my Android phone (at the time) was using a secure connection to transmit data to and from my device.

I did not confirm for every possible application. It’s just not feasible to do that, but I at least wanted to make sure that that one was doing it right.

By now, most banks should know to use https or an equivalent secured encrypted connection, be it in a web browser or an application.

Online BankingThe key words being most “should.”

Does yours? I don’t know.

If they tell you that they do, can you confirm it? Not really.

So, in my case, I elect to trust my bank and assume that they are indeed using a secure connection on the application. For the bank, the negative repercussions of being found out if they weren’t using a secure connection would be significantly bad PR.

So I have to assume that they are at least scared enough of the public relations issue that they’re at least attempting to do the right thing. But is there a way for you and me to tell? Nope.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

7 comments on “Is it safe to use a mobile banking app over an open Wi-Fi connection?”

  1. I suggest using an encrypted VPN if you are worried about security. They encrypt all the traffic, regardless of the application.

    Reply
  2. Even if a tablet/smartphone app is using SSL that does not mean it is being used correctly. Lots can go wrong and a couple studies have shown that it does go wrong. App developers make some brutal mistakes.

    A VPN is a good idea but not perfect. While it should protect you from snoops in your immediate vicinity, the VPNs available to consumers do not offer end to end encryption. I have tried using a VPN on both Android 2.3 and 4 and its a big pain. I ran into assorted coding errors by Google that my VPN provider had to work around. And on Android 2.3 it required entering two passwords to make a connection.

    In contrast VPNs on iOS worked great for me.

    Reply
  3. I agree with Leo – just use the bank’s app and don’t worry. If something does go wrong and you lose money, the bank has to repay you anyway, so it’s their risk, not yours.

    Reply
  4. True, Daniel, but how much time does it take the bank to sort out whether it’s their problem or your problem and then reimburse you. Can you afford to be out of money for that period of time?

    An ounce of prevention is better than a pound of cure.

    Reply
  5. Greetings, I have a question. If you have google chrome on your mobile phone and for example 9gag app, does your 9gag links you browsed appear in google chrome history? Are google chrome and 9gag app connected?

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.