Nokia Faces Privacy Backlash Over Xpress Browser

Nokia is finding itself on the defensive this week as it tries to downplay concerns over its decryption of user data through its Xpress Browser.

The browser, available as a beta download for Lumia users, in addition to being on the company’s Asha devices, works like Opera Mini or Amazon’s Silk browser; it compresses your web data in an attempt to speed page load times and lower mobile data usage. The problem is how it handles HTTPS encrypted connections.

As one security researcher posted this week, Nokia is performing what’s known in the field as a Man In The Middle attack, where it sits between you and the site you’re trying to reach securely, decrypting any message heading between the two parties, and then re-encrypting it on the other side.

Now, maybe that shouldn’t be so surprising, since the whole idea of the Xpress browser is that Nokia has access to your data, performing its optimization, but the issue seems to be that Nokia wasn’t particularly explicit that it was doing the same for encrypted connections. Opera Mini makes it clear that it does just what we’re talking about Nokia doing here, while Amazon only optimizes unencrypted connections, and lets encrypted data pass through Silk untouched.

Nokia has responded that it “has implemented appropriate organizational and technical measures to prevent access to private information,” but the fact remains that your potentially sensitive data is well within the company’s reach.

To its credit, the company intends to look into making it more clear exactly just how Xpress works, explaining, “we aim to be completely transparent on privacy practices. As part of our policy of continuous improvement we will review the information provided in the mobile client in case this can be improved.”

Source: GigaOM

Discuss This Post

Read More

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!