Re: Not just stores
"You do realise that inside the WEP wifi connection there is strong encryption for the actual data payload right?"
Erm, you did *not* mistake WEP as secure, did you?
Seriously?!
I'm hoping that you meant WPA2, lest one and all consider you a village idiot.
SSL is more secure and it isn't the same layer of the OSI model. *That* should be the beginning of the session level security, the encryption of network traffic adding an additional layer to the security.
Although, if the app isn't written with security in mind, the session could be captured from the device itself before going into the initial encryption. See Home Depot for an example of a device level attack.
First, writing a secure app, then encrypting the IP level traffic with a hard encryption method, then have a secure encrypted wireless session (which for a mobile telephone is not WEP, WPA or FART).
It's called defense in depth.
Bollocks one layer? Still encrypted with secure, tough encryption.