Android Facebook app fails to encrypt private data

Apps, 25/02/2011
The Android Market’s Facebook app may be putting users’ privacy at risk, by failing to encrypt personal data sent to the social network, according to a university professor.

Computer science professor Dan Wallach, of Rice University, monitored the traffic transmitted by the Facebook app on his Android smartphone.

While the app successfully encrypted passwords, Wallach found that personal data, such as private messages and photos, were being sent from the app unencrypted.

This means that anyone could potentially eavesdrop on personal information over an unsecured wi-fi network.

Wallach’s findings come shortly after Facebook introduced HTTPS encryption to its service, which provides protection against eavesdroppers.

“People for right or wrong treat Facebook as something that’s more personal and private,” Wallach told The Register. “With Facebook, we never saw a password going back and forth, but there was unencrypted traffic, which is interesting because I’ve set my Facebook web client to use their new SSL-all-the-time feature. But that doesn’t reflect onto the Facebook app on Android.”

Wallach also found the same problem affected Google Calendar, which could allow your schedule to be viewed by unauthorised people.

Both Facebook and Google have said they are planning on bringing data encryption to their Android apps soon.
