HTTPS for the web browser to AirDroid site portion?

Fri May 24, 2013 3:13 am in Feature Requests

page 1 / 1
LinuxETC
OP

HTTPS for the web browser to AirDroid site portion?

Just a simple request to help secure things a bit more between AirDroid on the web browser and smartphone device. I noticed the web browser portion is not using HTTPS (just HTTP) when opening the desktop (via "web.airdroid.com") to the smartphone device. I tried the URL "https://web.airdroid.com" but noticed you do not have this active from Firefox, Chrome/Chromium, and Opera which all returned a 404 response from your nginx server. In my honest opinion, this would help make your product more secure on both ends since you do have the feature of "HTTPS" enabled (or not) on the smartphone device end.

Note: This is not a duplication of the Forum thread "No HTTPS in Firefox anymore?" which I believe is referring to the connection from AirDroid server to the smartphone device. I am referring to web browser to AirDroid server portion.
LinuxETC
enfi
#1

Re: HTTPS for the web browser to AirDroid site portion?

Just a simple request to help secure things a bit more between AirDroid on the web browser and smartphone device. I noticed the web browser portion is not using HTTPS (just HTTP) when opening the desktop (via "web.airdroid.com") to the smartphone device. I tried the URL "https://web.airdroid.com" but noticed you do not have this active from Firefox, Chrome/Chromium, and Opera which all returned a 404 response from your nginx server. In my honest opinion, this would help make your product more secure on both ends since you do have the feature of "HTTPS" enabled (or not) on the smartphone device end.

Note: This is not a duplication of the Forum thread "No HTTPS in Firefox anymore?" which I believe is referring to the connection from AirDroid server to the smartphone device. I am referring to web browser to AirDroid server portion.

I dont know if it is already fixed, but i have the same request, https://web.airdroid.com is not enable. Why?
enfi
Lillian Admin
#2

Re: HTTPS for the web browser to AirDroid site portion?

Just a simple request to help secure things a bit more between AirDroid on the web browser and smartphone device. I noticed the web browser portion is not using HTTPS (just HTTP) when opening the desktop (via "web.airdroid.com") to the smartphone device. I tried the URL "https://web.airdroid.com" but noticed you do not have this active from Firefox, Chrome/Chromium, and Opera which all returned a 404 response from your nginx server. In my honest opinion, this would help make your product more secure on both ends since you do have the feature of "HTTPS" enabled (or not) on the smartphone device end.

Note: This is not a duplication of the Forum thread "No HTTPS in Firefox anymore?" which I believe is referring to the connection from AirDroid server to the smartphone device. I am referring to web browser to AirDroid server portion.

I dont know if it is already fixed, but i have the same request, https://web.airdroid.com is not enable. Why?

Hey guys.To improve better user experience, we have removed https shown on the IP address, and adopted HTTP to be shown in the IP address. However,the public web resources, like various icons, buttons and codes, are transferred over HTTP, while the private user data is always transferred over secure HTTPS and WSS protocols. The connection is encrypted.You can rest assured of the security of this :)
Lillian
Admin
Nino+Landler
#3

Re: HTTPS for the web browser to AirDroid site portion?

Hello!

You posted a picture in the FAQ, showing Chrome in developer mode connecting to a secure server under Network. I cannot find this information anywhere now, and chrome just states the web site is not secured.

Also, why does it improve user experience removing the https? For me it just feels less secure that way.

Regards Nino
Nino+Landler
Kevin
#4

Re: HTTPS for the web browser to AirDroid site portion?

Hello,

It has been a while since then. I personally feel unsafe over the https issue. Google Chrome has stated clearly that the site is not secure and we shall not enter any private information. I'm not techy person and have no idea how a connection can be half http and half https like what Lilian Admin said.

Instead of causing insecurity for users, why not implement 100% secure site? I request that, and maybe on behalf of all Airdroid web users. Thank you.
Kevin
David Casey
#5

Re: HTTPS for the web browser to AirDroid site portion?

@Airdroid you should definitely be using https:// for your websites, as well as securing all app communications.

If your users don't see you having a strong security posture in visible areas such as on this forum and the web.airdroid.com site, they aren't going to be able to trust that you're securing their important details when being communicated through less visible means.
Mic+De+Marco likes this post.
David Casey
Mic+De+Marco
#6

Re: HTTPS for the web browser to AirDroid site portion?

@Airdroid you should definitely be using https:// for your websites, as well as securing all app communications.

If your users don't see you having a strong security posture in visible areas such as on this forum and the web.airdroid.com site, they aren't going to be able to trust that you're securing their important details when being communicated through less visible means.

Agree 100%. I just installed the app to use my phone from the browser. I really enjoyed the experience until I realised it was all over http. I cannot understand how a tool to control your phone can be served over http. Unfortunately I will have to find some other alternative until https is supported.

Airdroid.com please give this priority!
David Gauvain likes this post.
Mic+De+Marco
rav_kr
#7

Re: HTTPS for the web browser to AirDroid site portion?

Are there any plans to do so? It's not good feeling when you know that someone could hijack your password and data why using http://web.airdroid.com/
rav_kr
Frédéric Hannes
#8

Re: HTTPS for the web browser to AirDroid site portion?

In 2017 there's no excuse for not using SSL encrypted connections for everything.
2 people like this post.
Frédéric Hannes
Rob Di Toro
#9

Re: HTTPS for the web browser to AirDroid site portion?

+1 for HTTPS for all assets.
There's no advantage to having mixed-site content (eg– icons over https) in modern browsers.

In fact, the adoption of synchronous file transfers (HTTP/2 compliancy) by modern browsers means that multiple elements actually load faster using TLS!
jakespeed likes this post.
Rob Di Toro
(Sign in or sign up to post a reply.)
page 1 / 1

Statistics

24655 posts

7416 threads

Members: 235022

Latest Member: Mobile Pasha

Online: 33