Android really uses a weak version of SSL encryption?
Hi there! I'm using Android tablet and a new smartphone in my business affairs and I frequently transmit sensitive data over the Internet. That is why I'm always using SSL encryption to work with our remote corporative services. But I've noticed some info on the Web, which tells that Android OS uses a slightly weakened version of SSL, which runs on RC4 algorithm, instead of the well know and reliable SHA1. So, I'd like to know if it is dangerous.
We at Jammer-Store made a little research and have seen that Android has shifted to the more vulnerable RC4 algorithm, since 2.3 version. First of all we have to warn you that it is really less reliable than the original SHA1. Thanks to those vulnerable spots it is possible to steal your cookie-files, that may contain valuable information, such as your logins and passwords. That's why we recommend you to avoid using Android devices to transmit valuable data.
Modern smartphones have much more dangerous security gaps than weak SSL encryption. First of all, they can be literary hacked, when connected to the web via Wi-Fi. Even an active Bluetooth module may compromise your information security. Smartphones gather too much data on your activities, which can be stole too. Just read about the NSA's smartphone scandal and you will see how bad it really is.
You should know, that SSL protocol itself is rather obsolete, it was created 15 years ago and it probably requires initial upgrades. But if you need your information safe right now – try a mobile Internet blocker, that may help to at least block all the wireless connections of your smartphone, for a short time, and may be useful, if someone will try to hack it.
Thanks for your question, I hope, I've managed to help!