I recently got a letter from Virgin Media explaining my bill was rising by £2.99 a month. As part of the "sell" for this, it was explained in the letter that a new Virgin Media Wifi app was available, similar to BT's wifi app which allows you to login to public hotspots around the country and get free public wifi. This is great for a road warrior worker like me, so I went and installed it.
During the setup process, it asks you to install a profile which is fairly normal for a wifi connection app. However, there was a further prompt which asked me to install a root certificate:
A root certificate, from a security perspective, is an incredible invasion of privacy from Virgin Media. It allows anyone who can issue a certificate signed by that root ca to have a valid TLS certificate for ANY website, which enables virgin media to intercept all encrypted web traffic in plain text - including bank details, passwords, text messages and more.
I'd like to know why on earth Virgin Media needs to install this on my phone in order to simply access their wifi hotspots. There's no good technical reason for this (BT for example don't need this for their wifi hotspot app) and it's in incredible invasion of privacy.
There was recently an uproar about something similar from Dell in the tech community and I'd like to pressure Virgin Media to remove this certificate from their profile. Many unsuspecting users will install this application having no idea what they're letting themselves in for.
Re: Virgin Media Wifi - Root Certificate Installation
I completely agree with the privacy concerns raised here. I can't see a reason for Virgin Media to be permitted to install root certificates on my devices. I look forward to their response on this matter.