If iOS Apple Apps and 3rd party iOS apps are required to transmit data over an HTTPS connection which is thus encrypted, isn’t the risk of using public WiFi greatly reduced?
The WiFi connection itself might not be encrypted, but the data flowing to and from the iPhone / iPad apps to and from the associated servers is required to be encrypted.
So where is the risk in using public WiFi connections?
Information and Network Security is is huge subject - and is highly technical. There are many risks associated with use of “public” WiFi.
Without digging deeply into the vulnerabilities of the many communications protocols that are utilised by your device, or the many ways your internet-traffic can be intercepted, manipulated, or decrypted - or the many ways that your device can be directly compromised - you simply need to be aware that any “publicly” accessible WiFi network is fundamentally insecure.
You cannot rely solely upon one internet protocol, such as “https”, to provide adequate protection. The “https” URL prefix merely indicates that one of a suite of protocols (such as SSL or TLS) are in use to encrypt data between your browser and the serving web page; it does not guarantee the security of the entire network protocol stack or communications path.
Public WiFi is an easy target for cyber-crime and cyber-attacks. The best advice is to always use a VPN (with no split-tunnelling) to protect your internet traffic on the Public WiFi network. Using a VPN provides a good measure of security over the public (i.e., highly insecure) WiFi network - at least to the VPN Gateway to which you connect. Next you need to consider the security of the VPN solution/provider.
If the VPN Gateway is in your control, assuming also that you have adequate skills, it can be configured to be highly secure. If you should utilise a commercial VPN provider, you need to consider the implications with some care.
In general, if concerned for your security, you should avoid “free” VPN providers. Consider that all VPN services cost money to run - and if you are not paying for the product, then you (and your data) are the product to be monetised. By contrast, most reputable “paid” VPN solutions monetise and fund their service though subscription payments - and should therefore not be interested in your data; the service model of a “paid” VPN service is to provide security - not exploit the “customer”.
In summary, a paid VPN from a reputable provider should therefore provide good (and trustworthy) security for your data over publicly accessible networks, between your device and the VPN Gateway.
Whilst it is impossible here to describe all the risks associated with Public WiFi networks, I hope you find this advice helpful in providing a useful primer and solution.
Information and Network Security is is huge subject - and is highly technical. There are many risks associated with use of “public” WiFi.
Without digging deeply into the vulnerabilities of the many communications protocols that are utilised by your device, or the many ways your internet-traffic can be intercepted, manipulated, or decrypted - or the many ways that your device can be directly compromised - you simply need to be aware that any “publicly” accessible WiFi network is fundamentally insecure.
You cannot rely solely upon one internet protocol, such as “https”, to provide adequate protection. The “https” URL prefix merely indicates that one of a suite of protocols (such as SSL or TLS) are in use to encrypt data between your browser and the serving web page; it does not guarantee the security of the entire network protocol stack or communications path.
Public WiFi is an easy target for cyber-crime and cyber-attacks. The best advice is to always use a VPN (with no split-tunnelling) to protect your internet traffic on the Public WiFi network. Using a VPN provides a good measure of security over the public (i.e., highly insecure) WiFi network - at least to the VPN Gateway to which you connect. Next you need to consider the security of the VPN solution/provider.
If the VPN Gateway is in your control, assuming also that you have adequate skills, it can be configured to be highly secure. If you should utilise a commercial VPN provider, you need to consider the implications with some care.
In general, if concerned for your security, you should avoid “free” VPN providers. Consider that all VPN services cost money to run - and if you are not paying for the product, then you (and your data) are the product to be monetised. By contrast, most reputable “paid” VPN solutions monetise and fund their service though subscription payments - and should therefore not be interested in your data; the service model of a “paid” VPN service is to provide security - not exploit the “customer”.
In summary, a paid VPN from a reputable provider should therefore provide good (and trustworthy) security for your data over publicly accessible networks, between your device and the VPN Gateway.
Whilst it is impossible here to describe all the risks associated with Public WiFi networks, I hope you find this advice helpful in providing a useful primer and solution.
Hello,
Apple has taken great measures to increase user's security however not all websites use https which can pose as a potential security threat.
Understood.
But assuming I’m not randomly surfing the internet, and that I’m only using apps, all data would be encrypted correct.
So let’s say I’m using the Bank of America app, or the Google Sheets app, all the data between those apps and the associated servers is encrypted regardless on the lack of encryption on a public / open WiFi. Thus no or little risk, correct?
thanks.
Thanks very much.
iPhone / IPad Public WiFi Security
