Considering I will mostly be using those when I am not home (and thus not have access to a real computer), I have started some analysis to find out which of this applications I can securely use on a public WiFi (or using my mobile internet connection) without fearing to have any data compromised to eavesdroppers (like the WiFi hoster or – if the WiFi is public or the key is known to many people – a third-party that can intercept the datastream); the long and the short of it, I wanted to find out which of the applications sends unencrypted data to the Internet.
I connected my computer (which luckily has two Ethernet cards) to the router with both of them, connected the Android phone to the WiFi of the router and manually set my computer as the gateway, which in turn forwarded all the data back to the router again. Then I started up Wireshark and thus could see all traffic coming from the smartphone, and have drawn the following conclusions:
- Google Talk seems safe to use as neither the plaintext of the account credentials nor the one of the messages sent can be found in the data sent.
- eBuddy (a multi-IM client inter alia supporting MSN) seems to only encrypt the password when logging in, and definitively does not encrypt the user-name or any messages sent over MSN.