Security concerns with Opera Mini Browser for iPhone
- — 14 April, 2010 07:48
It came as a surprise to almost everyone when Apple approved the Opera Mini Browser app for its App Store. It is a competing browser for Apple's own Safari--which is the default browser of the iPhone, iPod Touch, and iPad--and it is not built on the Apple-ordained Webkit platform.
The main claim to fame for the Opera Mini Browser for iPhone is speed. It loads pages fast--or so the story goes. However, the "how" behind that speed comes with some security concerns that users should be aware of as well.
Basically, the Opera Mini Browser app is able to display Web pages quicker because the data is compressed. That means that business professionals on the go can surf the Web faster while consuming less data bandwidth--seems like a no brainer.
The data compression is done entirely in Norway on Opera's servers, though. Each Web page request goes through Opera where it is recompiled in Opera's proprietary markup language and then forwarded to the destination iPhone.
In fact, this server-side compression is responsible for the increased speed, and is probably the reason that the Opera Mini Browser app was approved by Apple. By rendering the page on Opera's servers rather than on the iPhone itself, Opera circumvents some of Apple's coding restrictions.
The tradeoff is that Opera is also now a single point of failure. If the connection between your iPhone and Norway is slow or offline, your service with the Opera Mini Browser app will suffer accordingly. Of course, if push comes to shove you will still have the Safari Web browser on the iPhone or iPad as a backup.
Now, let's examine the security implications of Opera's Web page processing. First of all, every Web page you visit--whether it's Amazon, your bank, a search on Bing for a medical disorder, or a connection to a corporate Web site--all go through Opera. That means that Opera can essentially see and cache anything and everything you do while using the Opera Mini Browser app.
If you visit encrypted Web pages, Opera still sits as a proxy in the middle of those communications. Opera must decrypt, compress and convert to Opera-proprietary markup language, then re-encrypt the data before forwarding it along to the iPhone.
For many companies, this violation of the end-to-end trust expected when using encrypted data will be reason enough to ban the Opera Mini Browser app from use. If the Opera servers are in any way breached, it could result in otherwise securely encrypted communications being compromised.
I have installed and used the Opera Mini Browser app. It is fast--at displaying the page. However, that is after an initial lag when I assume the whole Opera proxy data compression part is going on in the background. The net result, in my unscientific opinion, is that it isn't significantly faster overall.
Given the security implications, and some of the other issues noted with the Opera Mini Browser app for iPhone, I recommend not using it for anything sensitive like online banking or corporate VPN connections.