SERPland Blog

How safe is DroidSheepGuard (against smartphone session hijacking apps)?


Yesterday a smartphone session hijacking app (provided by Cydia) was introduced on German TV. “Stern TV” showed how easily a smartphone session can be hijacked while logged in to a public WLAN. With this app, it seems to be possible to spy on other smartphones, iPhones and notebooks within the same WLAN (Spy-App / Spionage-App). So a personal Facebook account can be taken over by a stranger.

On the programmer's homepage I can read: was developed as a tool for testing the security of your accounts and is based on my Bachelor thesis with title “Session Hijacking on Android Devices”.

Ok, this is fine. But why is it so easy to create such a smartphone hijack app? Searching the web, I found several other packet sniffer apps. With all of them, hijacking within an open public WLAN is possible!

It seems that there also exists a smartphone session hijacking defense app – DroidSheepGuard – but does it really protect? Is it safe?

Why is there no “HTTPS everywhere”?


Use HTTPS wherever possible! It seems that the following services do not provide HTTPS by default, so be careful when using them in a public WLAN:

  • Facebook
  • Twitter
  • YouTube
  • Amazon
  • VKontakte
  • Tumblr
  • MySpace
  • Tuenti
  • MeinVZ/StudiVZ
  • Blogger
  • Nasza-Klasa

On the topic of HTTPS, Google seems to be pretty good (but you have to be logged in – when your operating system is Android, you are usually logged in to Google).
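
What "HTTPS by default" has to mean for a session to survive an open WLAN can be checked from a service's responses. The following is an added example, not code from the original post or from DroidSheepGuard; the hostnames, cookie values and the `audit` and `cookie_flags` helpers are assumptions, and the responses are constructed samples rather than captured traffic.

```python
# Constructed sample responses (not captured traffic); hostnames are placeholders.
# Each entry: (scheme the request used, status code, response headers).
SAMPLES = {
    "http-only.example": [
        ("http", 200, [("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")]),
    ],
    "https-default.example": [
        ("http", 301, [("Location", "https://https-default.example/")]),
        ("https", 200, [("Strict-Transport-Security", "max-age=31536000"),
                        ("Set-Cookie", "sessionid=def456; Path=/; Secure; HttpOnly")]),
    ],
    "mixed.example": [
        ("http", 302, [("Location", "https://mixed.example/login")]),
        ("https", 200, [("Set-Cookie", "sessionid=ghi789; Path=/; HttpOnly")]),
    ],
}

def cookie_flags(set_cookie):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def audit(responses):
    """List the ways a session cookie could cross an open WLAN unencrypted."""
    findings = []
    for scheme, status, headers in responses:
        hdrs = {}
        for key, value in headers:  # header names are case-insensitive
            hdrs.setdefault(key.lower(), []).append(value)
        location = hdrs.get("location", [""])[0]
        redirected = 300 <= status < 400 and location.lower().startswith("https://")
        if scheme == "http" and not redirected:
            findings.append("plain HTTP is served without a redirect to HTTPS")
        if scheme == "https" and "strict-transport-security" not in hdrs:
            findings.append("no HSTS header: a later visit may start over plain HTTP")
        for value in hdrs.get("set-cookie", []):
            name, flags = cookie_flags(value)
            if "secure" not in flags:
                findings.append(f"cookie {name!r} lacks Secure: it is also sent over HTTP")
    return findings

if __name__ == "__main__":
    for host, responses in SAMPLES.items():
        print(host, audit(responses) or "OK")
```

The "mixed" case is the one to watch for: the site redirects to HTTPS, but a session cookie without the Secure attribute is still attached to any plain-HTTP request the browser makes to that host.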


Update 2024

Update on DroidSheepGuard against Smartphone Session Hijacking Apps

2024 Update:

In the year 2024, the issue of smartphone session hijacking apps is still prevalent, but there have been advancements in cybersecurity to counteract these threats. While DroidSheepGuard was once a popular defense app against session hijacking, new and more robust security measures have been developed to combat these attacks.

2024 Situation:

With the increasing use of smartphones for various online activities such as social media, online shopping, and banking, the risk of session hijacking remains a concern. However, major tech companies like Facebook, Twitter, and Google have made significant improvements in implementing HTTPS by default to encrypt data transferred between users and their servers.

2024 News:

Recent reports have highlighted the importance of using secure connections, especially when connected to public Wi-Fi networks. Cybersecurity experts advise users to enable HTTPS wherever possible and to be cautious when accessing sensitive information on websites that do not provide secure connections.

2024 Conclusion:

While the threat of smartphone session hijacking apps continues to exist in 2024, users can protect themselves by being vigilant about their online security practices and utilizing the latest security features offered by tech companies. It is essential to stay informed about cybersecurity risks and take proactive measures to safeguard personal information in the digital age.