IPhone – Login to AppStore over cellular data, jump on public wifi, download/install app is “safe”

cellular-dataiphoneSecuritytcpwifi

Is it "safe" to install an App as such:
(1) using only a cellular data connection (wifi turned off) login to the App Store.
(2) enable wifi.
(3) connect to public wifi network.
(4) disable cellular data.
(5) download app.
(6) enable cellular data.
(7) disable wifi.
(8) install app.

The iPhone can jump between wifi and cellular data without breaking a tcp connection right?

Best Answer

Your scenario won't work I'm afraid, because a TCP connection is created between a source IP address and port, and a destination address and port.

In your scenario, your phone's source IP address would change when switching network interfaces. This would break the connection, so the App store will not recognize that you already connected before, even though you securely connected over TLS (HTTPS)

Related Solutions

What are the risks of connecting an iPhone to an unsecured wireless network

The iTunes Store uses HTTPS for most of it (if not all), at least that's how it was when I checked.

Regarding your specific question, you have to consider the iPhone is another regular device, albeit full of limitations in the tweaking department, it still runs a OS X variant, with derived UNIX parts, etc. So for the sake of this question, let's say your iPhone is a computer running some form of Unix Operating System; with that in mind, all the security risks that affect a computer are valid. Should the iPhone (and iOS) have a remote vulnerability, you would be exposed, just like your Macbook or your Windows computer or even your Linux Box.

Using 'open' Wi-Fi means anyone can log in and inspect the traffic. Anyone trying to do malicious stuff will be eavesdropping and listing for traffic in the network.

If you send an email, it will likely be unencrypted and visible. If you use IM (MSN, Yahoo, iChat/AIM, Jabber, etc.) you are likely not encrypted either (nor using a secure channel by default).

When using Safari, anything that doesn't go though some form of HTTPS is visible. Cookies and Data, with all the associated risks.

So as you can see, and excluding particular OS vulnerabilities, we're very exposed when using open networks. Most people doesn't really care or know but the risks are there (and so are the malicious users) :)

Connecting through a VPN will help with your traffic, but I have never used a VPN on an iPhone and thus I don't know what the capabilities of that are.

IPhone – Is the iPhone always using Wifi (instead of cellular data network) when connected

No.

IPhone will use the cellular connection for push notifications at any time, unless

Settings > General > Network > Cellular Data

is turned off.

Also, if the lock screen is on, then iPhone is connected to the cellular network, not wifi.

IPad is always connected to wifi, lock screen or no.

Best Answer

Related Solutions

What are the risks of connecting an iPhone to an unsecured wireless network

IPhone – Is the iPhone always using Wifi (instead of cellular data network) when connected

Related Question