原文链接： https://blogs.mcafee.com/mcafee-labs/apps-sending-plain-http-put-personal-data-risk

Weibo: social media chat easily sniffed or spoofed
Weibois a Chinese social media platform like Twitter or Facebook. You post your status, chat with your friends, etc. Now suppose you post a message as follows in Weibo:
微博是一个类似脸书和推特的中国社交平台，你可以发表状态，和朋友聊天等等。下面假如你在微博上发了这么一条：
You can see what’s being sent to the Weibo backend by capturing the traffic from Wireshark:
用wireshark可以查看被发送到微博后台的数据。
And the cookie is there for an attacker to harvest or even alter your post message via a[size=
15.12000083
92334px]man-in-the-middleattack.
cookies就那么放在那里等人收割，甚至允许中间人攻击来改变你发布的内容。
You may ask Who cares? This is a post on social media and is meant to be public. But what about your private chats with friends? We sent the following message via the chat window:
你可能会说Who TM Cares？社交媒体上发布的东西本来就是公开的。但是你和你朋友的私信聊天呢？我们从私信窗口发送了如下消息。
Again Wireshark shows us exactly the text, without encryption, begging for an attack (such as modifying the chat, injecting malicious links, etc.). There’s no privacy here!

第一眼看上去触发的数据不是很多，但是问题来了：一个输入法为何要知道“用户已接入一个iOS设备，运行iOS7.0，序列号为650***”，以及USB借口的编号？
When we connected an Android phone, Fiddler showed a similar data collection:
当我们连接一个安卓手机时，fiddler显示了类似的数据连接。

Collecting device information in these scenarios is not something we expect or appreciate from language-input software. What is scarier is that the plain-HTTP transport invites attacks in the world full of poisoned mobile hotspots.以上案例中的收集设备信息的行为我们是不想在一个输入法上看到的。更可怕的是明文的HTTP传输在这么一个充满被感染的移动热点的世界简直是在求黑求攻陷。