Thursday, April 16, 2009

Info about the "Nokiagate"

Today has been an extremely busy day here at Mobilitics and lots of questions have been asked about the Nokiagate, both in post comments and private mail. Let me answer all of those at once.

Yes, Nokia is very much aware of this. I have made a report and they are working on this. Someday they will come out and comment.

I am not talking here about Nokia Messaging or any other service they are providing. This case is about accessing your mailbox using IMAP without any extra middleware. You input information to connect to your email account and that information goes to Nokia's server. When the deployment server has tested that your account details are OK, information comes back to your terminal and the account is created. Now communication happens between your terminal and the actual email server just as it should.

Having said that, it must now be clear to everybody that Nokia's server is actually logging in to the email account when verifying the credentials. The test sequence includes logging in to both incoming and outgoing services; if that fails, the client will prompt you to check your credentials. If you want to verify this, you must be able to investigate traffic coming to your email servers.

Yes, according to my tests the verification server is located outside of the European Union, which means that your credentials are also there.

//Harri
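One way to do the check described above on your own mail server, as an added example that is not part of the original post: it scans authentication logs for an account that is logged in to over both IMAP and SMTP, within a short window, from addresses outside the networks your own devices use. The Dovecot/Postfix-style log format, the sample lines (constructed, documentation IP ranges), the `known_nets` list and the log year are assumptions.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines in Dovecot / Postfix syslog style (not real traffic).
SAMPLE_LOG = """\
Apr 16 09:58:40 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
Apr 16 10:02:11 mail dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=203.0.113.45, lip=192.0.2.10, TLS
Apr 16 10:02:13 mail postfix/smtpd[2211]: 4F2A1C0: client=unknown[203.0.113.45], sasl_method=PLAIN, sasl_username=alice@example.org
Apr 16 11:30:00 mail postfix/smtpd[2290]: 5A11B22: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.org
"""

IMAP_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*imap-login: Login: user=<([^>]+)>.*\brip=([0-9a-fA-F.:]+)")
SMTP_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) .*postfix/smtpd.*client=[^\[]*\[([0-9a-fA-F.:]+)\].*sasl_username=(\S+)")

def parse_logins(text, year=2009):
    """Yield (service, user, ip, time) for each successful authentication line."""
    for line in text.splitlines():
        if m := IMAP_RE.match(line):
            ts, user, ip = m.groups()
            svc = "imap"
        elif m := SMTP_RE.match(line):
            ts, ip, user = m.groups()
            svc = "smtp"
        else:
            continue
        # Syslog timestamps carry no year, so the caller supplies it (assumption).
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        yield svc, user.lower(), ip_address(ip), when

def find_validation_probes(text, known_nets, window_s=60):
    """Return (user, imap_ip, smtp_ip, imap_time) where logins from outside
    known_nets hit both IMAP and SMTP for the same user within window_s seconds."""
    nets = [ip_network(n) for n in known_nets]
    unknown = [e for e in parse_logins(text) if not any(e[2] in n for n in nets)]
    hits = []
    for svc, user, ip, t in unknown:
        if svc != "imap":
            continue
        for svc2, user2, ip2, t2 in unknown:
            close = abs(t2 - t) <= timedelta(seconds=window_s)
            if svc2 == "smtp" and user2 == user and close:
                hits.append((user, str(ip), str(ip2), t.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_validation_probes(SAMPLE_LOG, ["198.51.100.0/24"]):
        print(hit)
```

The IMAP and SMTP logins are paired by user and time rather than by source address, so a validation service that uses different hosts for the two checks is still reported.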

13 comments:

Anonymous said...

This is pretty shocking. Don't you just love the smell of class action in the morning...

Anonymous said...

Pretty purpose seeking crap! Guess how many other apps steal your vital information? Facebook, MySpace, Twitter...? Ever used Outlook client? Oh, oh, do you have hotmail account? Guess what, Microsoft own your ass!
Nope, it's not easy being the biggest and the best! Toyota's crap. Microsoft's crap. Nokia's crap and criminal... How much of this nonsense we have to take?

bulger said...

ccds.serviceactivation.ext.nokia.com gave me IP address 62.61.69.104 which seems to belong to Ixonos Oy, Helsinki, Finland. So, it is not even Nokia - but it is inside EU.

Harri Salminen said...

Hi Bulger,

That's true what you wrote. However, when service validates your account, the request to the mail server is not coming from that IP-address, but instead from a server that is located elsewhere.

//Harri

Anonymous said...

Doesn't the Blackberry do exactly the same? Store user's credentials in their own server in order to connect to the service automatically.

Anonymous said...

Most likely some push email thing, making it possible that phone doesn't need to poll email server to know when you get new email. This saves the battery.

Anonymous said...

Sadly class action is not possible where I live.

Pls yanks create one. :D

Anonymous said...

I enjoy every second of reading your blog, but I think that design should be worked on. Default blogger themes are so slow and boring, why don't you try out free custom blogger themes, they seem to be more colorful and vivid.

xNokia said...

Hello,
I would like to ask, does it have any relation to this website: Nokia Portal - Bluetooth - Programs - Songs - Games - Forex - News - Eve - Mobile - Video - Movies
Thanks,
xNokia

TelefoaneMobile said...

So you mean that Nokia has all my email data ?

Harri Salminen said...

Hi,

Nokia hasn't got your email data, but your email credentials have been unnecessarily sent to Nokia.

You should think there is a risk that your password has leaked and you should change your email password.

//Harri

Rajesh said...

It's a failure of Nokia. What else.