How secure is MobileMe if used while, well, mobile?

Davey Winder
Monday, 25 August 2008 05:01

Your IT - Home IT

It might seem like something of a silly question, but people are asking just how secure the Apple MobileMe service is if you use it while mobile after learning it has a surprising lack of data encryption functionality...

You might think that Apple has had enough bad press when it comes to MobileMe but it seems this is one product which simply cannot escape from media scrutiny.

I have to say that is hardly surprising given the amount of hugely headline friendly, if not user friendly, ammunition it provides us with. The latest revelation that MobileMe does not encrypt data during transfer is a case in point.

It seems that 'Exchange for the rest of us' does not provide the basic functionality of Secure Sockets Layer support; or any in-browser data encryption for that matter. Which means that any data sent during synchronising is potentially open for all to see.

Yes, MobileMe does encrypt the login process, but that is it. So if you were to happen, say, use your mobile device with MobileMe, via a public hotspot while, you know, being mobile - then your data is at risk of being snooped upon by other users of the same hotspot.

As Daniel Eran Dilger writing at Roughly Drafted reveals in some detail "all email, calendar, and contact data that is exchanged between the web client and the cloud is not encrypted, and can be sniffed by anyone with access to the network."

I would not go so far as to say that this is the deal breaker for MobileMe that some bloggers have suggested. After all, some very popular web mail services do not support SSL either. The problem for Apple could be that its nemesis, Gmail, does.

The other problem being that the kind of data likely to get moved around with MobileMe during a synch operation is exactly that which you would not want someone snooping upon: calendar, contacts and email.

The other, other problem is that users might think that if Gmail can provide this most basic of security features as a free product then surely Apple, which charges USD $99 a year for the service, should do so as well.

Apple has yet to comment upon the situation, perhaps it needs to give the short-lived MobileMe blog the kiss of life?