It’s come to light that Nokia’s Xpress Browser — used on its Asha and Lumia handsets — routes your secure and encrypted HTTPS data through its servers and temporarily decrypts it.
GigaOm reports security research which reveals that Nokia’s browser passes data to its servers — nothing odd there, it’s a proxy browser designed to speed things up — but that, at stages, HTTPS data is decrypted. Nokia has gone as far as admitting that it’s the case, but reassures consumers that it doesn’t look at the data:
“Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner. Nokia has implemented appropriate organisational and technical measures to prevent access to private information.”
In other words, your precious personal data does get decrypted, but you’re going to have to trust Nokia with it. Oddly, other proxy browsers — such as Amazon’s Silk and Skyfire — let encrypted data pass through as is. The upshot? Either put your faith in the Finns, or stop using their Xpress Broswer. [GigaOm]