All Around Better Security and Privacy

Tue Jul 16, 2013 9:50 am in Feature Requests

page 1 / 1
droidmaster80
OP

All Around Better Security and Privacy

1. Improved connection security: Always use an encrypted connection. It should not matter what data is being communicated or what connection type (LAN or remote) is being used. At first glance, it might seem reasonable to assume that the user's local network (LAN) is secure. However, I believe that this kind of assumption is dangerous. For example, while it is probably not a great idea to use Airdroid on a public WiFi connection, do not think that people will not try it. (The HTTPS option for Lite mode should be enabled by default for this very reason.) Besides preventing snooping (which the FAQ suggests is prevented by encrypting some types of data when the remote connection mode is used), encrypting the traffic can help to verify that users are really communicating with Airdroid and not some random server designed to steal user passwords. While I understand that data can be secured within [/i]an unsecured connection (i.e. one that does not cause web browsers to show a locked padlock), I believe that this type of protection should augment (not replace) TLS/SSL encrypted connections.

2. Activity log: This feature would involve having the Airdroid app log all activities it has performed (e.g., sending SMS, retrieving photos, lost mode, camera streaming), allowing the user to investigate any possible account hijacking or abuse. It is critical that Airdroid not allow this log to be deleted or modified through the web interface in any way.


3. End to end encryption: Airdroid is in a somewhat unique position on this one because it has no need for any server side processing. Therefore, the connection between the web app running on the user's computer and the Airdroid app on the user's phone could be encrypted end to end, removing (or really just reducing - backdoors are always possible) the possibility of Airdroid itself abusing any user data and practically eliminating security breaches by outside parties.


4. Multifactor authentication: This feature would require the user to provide both his/her password and some other form of authentication at the login screen. Because Airdroid is designed to work even when the user is far away from his/her mobile device, requiring the user to access his phone to retrieve authentication codes (e.g., through Google Authenticator or similar applications) is not the best solution. Perhaps a better idea is to use a grid-style authentication system or provide a list of single use codes for authentication purposes. This feature should, of course, be totally optional.




I'll add that I think Airdroid is an excellent application and that I really appreciate those who develop it. Thank you!
droidmaster80
JodieWood
#1

Title

I would like to second this post because it really concerns me.I was honestly shocked then I found out web.airdroid.com didn't even use HTTPS.
How should I tell it is the server it claims to be?
JodieWood
(Sign in or sign up to post a reply.)
page 1 / 1

Statistics

22651 posts

6163 threads

Members: 146642

Latest Member: Khan Zada

Online: 5