Author Topic: Any risks of signing into Gmail on my smartphone?  (Read 835 times)


Offline Quetzalcoatl

  • Frequent Poster
  • ******
  • Posts: 3035
Any risks of signing into Gmail on my smartphone?
« on: July 03, 2015, 01:30:15 PM »
I do have a smartphone (a Sony Xperia, a few years old), but I have not signed in with my Gmail on it ever (yeah I'm old-fashioned). I don't get that many e-mails anyways. However for some occasions it would be really convenient to do so.

I wonder, are there any risks of signing in to my Gmail account on my smartphone? Like hacking devices scanning the air or whatever? May it depend on which country I am in?
"Large skepticism leads to large understanding. Small skepticism leads to small understanding. No skepticism leads to no understanding." - Xi Zhi

Offline Morvis13

  • Big Ol' Goober
  • Planetary Skeptic
  • *
  • Posts: 22970
  • Natural Source of Paranoia
Re: Any risks of signing into Gmail on my smartphone?
« Reply #1 on: July 03, 2015, 02:01:27 PM »
With tens of millions of smartphones with accounts on them you think the TSA checks them all? You should be fine.
Murphy's Law: Anything that can go wrong will go wrong.
Morvis' Law: Anything that does go wrong is my fault.

Offline Johnny Slick

  • "Goddammit, Slick."
  • Poster of Extraordinary Magnitude
  • **********
  • Posts: 11990
  • Fake Ass Skeptic
Re: Any risks of signing into Gmail on my smartphone?
« Reply #2 on: July 03, 2015, 05:03:50 PM »
My Android phone uses my Gmail account as the basis for everything else it does (including my contacts, programs I've downloaded and/or purchased, home and work locations in the Maps app, and so on), so I think with Android phones at least they've got the security taken care of pretty well. If anything it's better to have a system where you've pre-signed in to an account because there's always the chance that a hacker could be using a keylogger, which wouldn't apply if you aren't actually entering the password in (they might see the packet you send but that packet is encrypted and https is not terribly easy to decrypt if you don't have one or both of the keys).
Speak what you think now in hard words, and to-morrow speak what to-morrow thinks in hard words again, though it contradict every thing you said to-day.

- Ralph Waldo Emerson

Offline andy o

  • Not Enough Spare Time
  • **
  • Posts: 245
Re: Any risks of signing into Gmail on my smartphone?
« Reply #3 on: July 03, 2015, 05:09:11 PM »
What are you worried about? Someone checking your email, or someone Hollywood-movie style getting your info from your pocketed phone via an antenna they're pointing at you?

If the former, your security is as strong as your phone's security lock. If the latter, can't be done, at least if you don't have malware on your phone. And by "malware" I mean an app that you explicitly allow to access your email (not knowing it's malicious). So, if you just use the official Gmail app, you're fine.

Another vector of attack that is more realistic (but still unlikely to happen to you) is that someone on the same unsecured WiFi network as you is snooping, but most communications apps, including Gmail, send encrypted data.

Something to note about security in general that is very important: set "2 step" or "2 factor" authentication whenever you can. For instance, with Google, whenever someone logs in from a new device or browser to your account (and puts in the correct password) a one-time 6-digit code is asked for access. This code can be seen on a device that you usually carry with you, your phone for instance. There is an app called Authenticator that will generate these codes for you, or you have the option for Google to send you an SMS with it if you've registered your number with it.

You can also print a list of backup codes that you can keep in your wallet and use. If you have a 3rd party app that requires a Google login, you can also generate unique app-specific passwords for them so you don't have to give them your Google password.

Facebook and other companies have implemented this as well.

Offline kvuo75

  • Well Established
  • *****
  • Posts: 1180
Re: Any risks of signing into Gmail on my smartphone?
« Reply #4 on: July 07, 2015, 07:26:59 PM »
a hacker could be using a keylogger, which wouldn't apply if you aren't actually entering the password in (they might see the packet you send but that packet is encrypted and https is not terribly easy to decrypt if you don't have one or both of the keys).

wait.. a keylogger has to be installed on the victim's system to start with doesn't it?

i've always assumed apple looks for stuff like that before they approve an app.. does not google/android?

packet snooping and whatnot i can understand but like you guys said it's all encrypted.


Offline Johnny Slick

  • "Goddammit, Slick."
  • Poster of Extraordinary Magnitude
  • **********
  • Posts: 11990
  • Fake Ass Skeptic
Re: Any risks of signing into Gmail on my smartphone?
« Reply #5 on: July 07, 2015, 07:42:49 PM »
a hacker could be using a keylogger, which wouldn't apply if you aren't actually entering the password in (they might see the packet you send but that packet is encrypted and https is not terribly easy to decrypt if you don't have one or both of the keys).

wait.. a keylogger has to be installed on the victim's system to start with doesn't it?

i've always assumed apple looks for stuff like that before they approve an app.. does not google/android?

packet snooping and whatnot i can understand but like you guys said it's all encrypted.
I don't think Google does a lot of curation, no. As long as it doesn't crash the entire phone when you start the app, you're generally free to go. The scenario I was looking at though was someone doing something like uploading a keylogger to your phone via a public wi-fi system, which, while really, really unlikely to happen, is also about equally preventable on both iThings and Android products.
Speak what you think now in hard words, and to-morrow speak what to-morrow thinks in hard words again, though it contradict every thing you said to-day.

- Ralph Waldo Emerson

Offline kvuo75

  • Well Established
  • *****
  • Posts: 1180
Re: Any risks of signing into Gmail on my smartphone?
« Reply #6 on: July 07, 2015, 08:19:35 PM »
The scenario I was looking at though was someone doing something like uploading a keylogger to your phone via a public wi-fi system,

i didn't even know that was possible..  but now thinking back to my 90's linux memories what with buffer overflows and such. ahh ok yeah..  every update was because of a listening port for sendmail or something that could be overflowed and start executing commands as root..

this reminded me of something from mid 90's sysadmining a linux machine that was on a static ip that i'd run my own web site and handle my own email, and i used to see oddball ip's probing my system in the logs all the time.. asked some oldschooler wtf is all that, he said just send your logs to a cheap dotmatrix printer on lpt1 in addition to the file, so you at least have a hard copy of what happens when they fuck your shit up. because apparently that's common.. they always delete the logs after you mess around in your unix machine, but can't delete paper, beech! i thought that was genius. never did it, but thought it was cool idea.

fwiw, text logs of everything that happens was/is still a handy thing.