Can iPhone Apps "see" your data or information?

I would like to install one of the iPhone apps that allows me to remotely log into my home network from wherever I am. Does anyone know if these apps can see my login and password as I enter it to authenticate against my server?

Lets say the app is VNC. I am not sure I will go with that but lets use that as the example app. Could the developers of VNC "see" my information in any way OR is that app locally installed and is my userid/password being sent across 3G to my home network, without ever going to the app developer's server?

I guess this could go for a great number of the apps out there - not just remote control software but for my purposes, I'd like to know about remote control software.

Taptronic

Posted 2009-09-05T02:06:39.927

Reputation: 911

Answers

Josh is right.

With VNC , the client (may it be iPhone or PC it doesn't matter) VNC authenticates directly with the server you are intending to connect to. It does not go to any other server, so no the developers would not see it.

However, keep in mind that VNC connections could be "sniffed" by others on the internet where your traffic flows through. So, I would reccomend setting up VNC over SSL or some sort of encrypted tunnel to minimize the chances of that happening.

But otherwise to answer your question no, the password will not be seen by anyone else, unless someone is "sniffing" for this information and you are not using encryption.

The same goes for any other type of connection really, such as HTTP, FTP.. they can all be sniffed. (But not HTTPS for example)

(On a side note, this is why you should never buy anything on a web site that is not using an encrypted protocol such as HTTPS)

7wp

Posted 2009-09-05T02:06:39.927

Reputation: 1 410

How to ensure I am using SSL over the iPhone to remotely connect to my network? I havent downloaded any app so I dont know if that is an option of the app or is that an option at my network/server? I am leaning toward VNC because I've used it to connect within my own home network but never from outside in (or vice-versa) – Taptronic – 2009-09-05T02:30:14.787

1Well not sure over iPhone... I use VNC myself, but I don't use it on the iPhone, i use it connecting from my work. For me, I use openVPN server on my home server, and openVPN client on the computer at work. (I use openVPN to create the encrypted tunnel) I make a connection using openVPN, then i start up my VNC client to remote into my desktop. Maybe that could be another question for SuperUser :) "How do I use SSL or some other encryption for VNC on the iphone" :) – 7wp – 2009-09-05T02:38:30.890

Post a link to your question if you end up asking it... I am curious myself :) – 7wp – 2009-09-05T02:45:35.497

Technically, yes. Proably, no.

What happens is that the VNC app is installed onto your iPhone. When you attempt to connect to your computer remotely using this application, it should not send any of this data to the developers, or to any third party.

While it is technically possible for the developers of the app to put malicious code into their VNC app, this is the reason Apple reviews the applications, and they go through a strict vetting process to ensure that users are not being taken advantage of.

Josh Hunt

Posted 2009-09-05T02:06:39.927

Reputation: 20 095

I didnt think about the App Store reviews and all. Thats probably partly why there is a backlog on app accepts and maybe why some fail, etc. Good point +1 ! – Taptronic – 2009-09-05T02:32:18.497

1Yes that is true. But also know that the original makers of VNC such as realVNC or ultraVNC have been around for a while and used by many people and is considered trusted. Even when I download a VNC client for my PC, I always make sure I am downloading it directly from their site rather than a third party download site because it could have been altered to have malicious code, like josh pointed out. – 7wp – 2009-09-05T02:42:10.290