Public Wifi Android security question

[walker7366]

Okay, so I have used a VPN religiously for the last few years whenever I am on public wifi. But sometimes a VPN won't connect. My question is: If you do not manually enter login information, how secure is your Android device for general browsing, considering all the stuff it does in the background (logging you into this or that to check this or that)? For example, I use the Gmail app on my phone. It checks email in the background and shows me a notification if I have a new email. My question is: How secure is what's going on in the background, if I'm not using a VPN? Can someone snatch my username and password from the background app communication going on, even if I don't manually enter them? How unsafe is it REALLY not to use a VPN on a secure public network (at a bar or coffee shop) if you're only casually browsing, using Google Maps app, even sending emails via the Gmail app, but never actually manually entering a username and password into anything?

 

[SpookDroid]

As secure as any other data packet traveling over WiFi. Your login info isn't being transmitted even for background apps as they already have the access 'token', but in public WiFi the biggest hurdle is you connecting to someone else's hotspot masked to seem like the network you want, which will make it very easy for them to see the data packets you transmit and, with the right tools, be able to extract SOME information from it (after all, nowadays a lot of the data in our apps is encrypted).

 

[Rukbat]

Or someone putting a wii adapter into promiscuous mode, so it grabs all the packets floating by, and logs them. Then a program like Wireshark can break them up into something readable, so someone is reading your emails, seeing what web pages you're browsing (unless the address starts with https instead of http - that doesn't make it impossible, but it makes it a lot harder), etc. NEVER access your bank information, never put a credit card number into anything to pay for something, etc. Not even with a VPN. Banking and Pay apps, if they're broken into (and that includes PayPal) can get your account cleaned out quickly.

 

[walker7366]

I'm still unclear as to whether a snooper can snatch sensitive information that my android is sending/receiving in the background (again, using the Gmail app example of it checking email in the background).

Put simply: If you do not manually enter any sensitive information into any app or setting on your phone while on public wifi, what sensitive information (if any) can a snooper see and take from your phone? And by sensitive, I mean usernames and passwords (I don't care if someone sees what innocuous web pages I visit).

 

[SpookDroid]

The stock apps are all using secure protocols (again, not easy to break, but not impossible with the right tools/time/skills/need). If you're using a 3rd party app that's poorly coded or using a 'plain' site, then the info is not secure BUT most of the time the login info isn't sent, only the access token data.