I was just introduced to Kik Messenger for Windows Phone today, and Ryan Lowdermilk immediately asked, “Are our messages being sent securely?” Well, after a quick check in Fiddler, the answer is no. This isn’t a new finding either. Mike Cardwell wrote about this almost a year ago and it has yet to be addressed.
This is grounds for an immediate uninstall. Unacceptable.
Update 6/29: A Kik representative made a comment:
Hi Rafael, Corry from Kik here. Thanks for your analysis. We are aware of this issue and plan to add WP7 message encryption in a future release. We want to reiterate that the password is not being sent in clear-text, and that our Android and iPhone clients feature full SSL encryption (login info + messages), as Mike Cardwell mentioned in his comment.