What I can tell you is that DroidSheep cannot hijack SSL sessions.
#Faceniff for mac android#
Since I don't have an Android device I can't verify whether the Apps use SSL or not ~ but I believe they do simply for security reasons. I guess i will have to test it out to see i managed to hijack my gmail within couple of seconds while using it from a browser But not though the Android app !!! and Thats why i thought that the Facebook App could be secure :) the Faceniff for example can't hijack an HTTPS session while the DroidSheep does very easily. I have tested all kinds of Session Hacking Applications. And VPN like the OpenVPN is blocked by the government. Though Most of my friends doesn't really Root their devices. Thanks buddy i am always on TOR on my phone. This should protect against pretty much all attacks on the Starbucks WiFi or similar. If you decide to use a public WiFi at ShmooCon or DEFCON I suggest not to use any logins. It's not more or less secure than using a Linux laptop (or whatever) on a public WiFi. just make sure to always use HTTPS in addition to Orbot (or any other Onion routing or VPN network)įor Facebook you can enable "Secure Browsing" in the Facebook Account Settings > Security. It is strongly suggested that you do not use public WiFi. If you can i would suggest using your mobile internet.Īnytime you use public WiFi you place yourself at risk. So how secure are Facebook, Twitter and Google+ apps on Android phones? When using a public WiFi hotspot, I usually use Orbot on my Android phone to keep my accounts secure when surfing the internet from session hijacking apps like FaceNiff and DroidSheep etc.