Google PlusFacebookTwitter

Airtel PVR Mobile Ticketing Application – Unsafe?

By on Jun 18, 2007 in Reviews, Tech Takes | 11 comments

Share On GoogleShare On FacebookShare On Twitter

A few months back, Airtel in association with PVR Cinemas had brought out the Airtel PVR Mobile Ticketing App for allowing Airtel users to view schedules and book tickets using their cellphone. I’ve been using this for some time, and I must admit that it’s pretty useful. One GPRS stream later, I’ve got the data a want. Before I continue on the main topic, a short review…

My rating of the Airtel PVR Mobile Ticketing Application: 6 / 10
The Airtel PVR Mobile Ticketing Application is a pretty useful tool for keeping yourself updated with movie info. For English movies at least, you can read the the official publicity blurb. The movie info thing never has any synopsis to show for Hindi movies. And it does pretty funny things at times. Say, if there’s a really bad movie, say like, Primeval, then it doesn’t show any movie info, except for genre which is invariably given as ‘3D’, language as ‘Bangla’ (I can visualize Satyajit rolling around fitfully in his grave), and 2-3 members of the cast under ‘Synopsis’. Also, although on the date list they present you options for 7 days, in reality you can only book 3 days in advance. That’s it. Want to book a Friday premiere on Wednesday? Why bother, PVR thinks. Because you can’t. And of course, it’s insecure.

All very good, I say, allow people to browse and buy tickets easily. What I hate about it (and I know this for a long time – noticed it pretty early) is that the connection over which your credit card details are sent is INSECURE. Yes folks, if on the payment page on your app you look carefully at screen which allows you to enter you credit card number, your phone will show an insecure connection sign.

All this very bad, but you know what’s worse? Airtel / PVR is trying to con everyone into thinking otherwise. If you look at the app’s FAQ section, under Security, it claims ‘Yes, the payment transaction is secured using HTTPS and PKI, similar to you PC browser’. On your computer when you make a transaction, whenever there’s a secure connection what happens is that your data is encrypted before being sent out, so that even if it is intercepted it is basically useless for the thief. When you go to the payment page on the PVR app though, what it does is that it puts an image file of a lock at the top right corner of the screen to make you think that the connection is secure. But if you look at the phone’s own icon, it will show an insecure connection, with an unlocked symbol. This means that all the data, including your card number and the CVV number are simply sent as number which if intercepted only needs to be opened in a text editor to be read, and then misused.

My point is that yes, it’s a far shot that anyone will be sitting under that tree outside your window with high tech equipment to read the plaintext data your phone is transferring, but the point is that your data IS insecure. Theoretically, one could simply siphon off the data at the Airtel end of the connection simply because it’s not encrypted. And over that, Airtel / PVR are lying about how secure the application is too. These companies always talk of following ‘world class standards’ et al, and yet they resort to things like these. Airtel and PVR should take greater care of such financial details of their customers, for their own good, and for instilling confidence in e-commerce in general.

Disclaimer: This post only discusses a possible flaw which may or may not exist. Maybe the test phone had a problem, or HTTPS isn’t supported in India because we don’t get a security module. Use and interpret this information on your own. My phone didn’t show a secure connection, that’s all I want to say.



11 Comments

  1. Abhishek Nandakumar

    June 18, 2007

    Post a Reply

    You’re right.

    When I tried booking a ticket I was charged but I didn’t get a ticket. It is therefore not reliable too.

  2. Siddharth Razdan

    June 19, 2007

    Post a Reply

    There should’ve been a “Cash On Delivery” option…

    Regards
    (Siddharth Razdan)

  3. GQ

    June 19, 2007

    Post a Reply

    @Abhi: Happens. Mail them.

    @Sid: No, they just send you an SMS. Show that at PVR, swipe your card at a kiosk, and you get the ticket there.

  4. Vivek Nair

    June 19, 2007

    Post a Reply

    Will you PLEASE stop as if you’re a major reviewer??? Just because Yahoo! gave you special privileges, you got it into your (over-inflated) head that you’re a reviewer and you must use terms like ‘test phone’ instead of ‘my phone’. It’s a blog, for Pete’s sake, not an official reviewer. Frankly, it seems cheap.

  5. GQ

    June 19, 2007

    Post a Reply

    @Vivek: Eh, I was just trying to make it SOUND like a legal disclaimer. It’s a disclaimer after all, and it should sorta sound legal.

  6. Ankit

    June 19, 2007

    Post a Reply

    Secure connections are very much supported over Indian GPRS. Its just that these people are lying !

  7. GQ

    June 19, 2007

    Post a Reply

    @Abhi: I keep changing the penguin all the time. ;)

    @Ankit: Hmm, my phone does support it, and I’ve had friends who’ve used secure login sites on mobile too. But Airtel PVR app seemingly doesn’t do that.

  8. Ace

    June 25, 2007

    Post a Reply

    Airtel PVR application is a handy application supported by most java enabled midp2.0 phones but basically if under the java net setting you restrict the acess trying to make it secure , the connection will be lost , In my opinion better to use it for emergency purposes.
    p.s. when your gf reminded u to bring a ticket for saturdays show nd u forgot……….. tada the application is here to save ur a**

  9. GQ

    June 25, 2007

    Post a Reply

    @Ace: PVR does have enough seats on the spot for most movies, unless they’re crappy ones like Spiderman 3 which even the paanwala outside wants to watch. But yes, has come handy in emergencies.

  10. Vaibhav

    June 6, 2010

    Post a Reply

    they are really stupid that they haven’t used secured connections for such a beautiful application.

    even i uses secure connection on my websites like connectallprogrammers.com

Submit a Comment

Your email address will not be published. Required fields are marked *