Hi all,
I have found the following news on
http://mobilitics.blogspot.com/2009/03/why-nokia-wants-my-email-password.html
very interesting, but as an "end-user" without any internet-technology-skills, to be honest, I cannot say how critical this matter really is. Tested on 5800 and E75, it may well be the same for all other phones with a email wizard:
Let's create an account for user [email][email protected][/email] (his password is "topsecret" but I will not tell it to anybody). After you have entered this information, the wizard will open a network connection and make an HTTP request to URLhttps: //ccds.serviceactivation.ext.nokia.com:443/api/v1/rest/?operation=ccds.provider.determineAccount&applicationCode=email&address=[email protected]&password=topsecret&mcc=244&mnc=91&carrier=sonera
Nice! I just sent to Nokia my email address, password, operator information and terminal type (in HTTP headers, not visible here).
Well, somehow the given information needs to come to the nokia-server to get the wizard-job done. So much is clear. I am not sure, whether the concern is about the clear-text HTTPS-Adress, or whether it is "just" a problem of "I-didn't-know-they-need-it-and-they-safe-it". How easy is it to log that adress-information? How easy the access for malware? Internet and email security is a matter for me, and if a routing computer can log that adress, then I have big security concerns.
I hope I can make my point clear enough as my english fades away...