Hi everyone,

Today I'm going to show you some dangers on Android email applications you can find on the play store.

What you need to know about mails: your mails are actually stored on a mail server somewhere, according to your provider. If you're using Gmail, they are on Google's servers. Most of the people are using Gmail, or Microsoft (hotmail, msn, outlook), or mails from your internet provider.
When you're using a mail application, like stock mail app on your iPhone, or stock mail app on your Android, the application connects directly on the mail server, using standard protocols like IMAP or POP.
To send an email, it's contacting the SMTP server with the SMTP protocol.

alt

The danger with some apps: some are not contacting your mail server directly: they give your information (mail address and password) to a dedicated server, which will do the connection to the mail server, and download all your mailbox. Then, your phone is only refreshing or getting email through this dedicated server, using HTTP or HTTPS access (like web browsing). It's not a bad idea, except ALL your mails are downloaded by someone else!

alt

I tried some emails app with my old Nexus phone. I made a fake mail account on my own mail server. I will connect these app on it, and because I can see the access on live, see which IP address connects to my mail server...

AquaMail: seems good!

MyMail: can't choose a personal IMAP mail :D So I can't test. Goodbye!

BlueMail: Bingo! First one :p After configuring the app, some externals IP addresses are connecting on the server: 54.90.147.202, 54.157.199.199. According to whois, these are Amazon IP addresses, but don't have more info.. On the server, my phone is connecting too on the server. Why these external IP? After the app removal, I still have access attempts...

TypeApp: looks the same as BlueMail graphically.. it's not good! Tada!! Same thing. IP addresses on my mail server: 54.165.87.200 and 54.205.181.135. Amazon servers! After the app removal, I still have access attempts too...

MailDroid: seems good :)

SolMail: Seems good too.

GMX Mail: Seems good!

Mail.ru: Jackpot! Access from 94.100.181.39, 94.100.177.59, 5.61.237.13, 185.5.137.195, 185.5.137.192, 94.100.178.38 ... All from Russia. In contrary with TypeApp or Bluemail, which does external access and direct access from the phone, when you refresh the mails on Mail.ru's app, it's only a Russian IP which is connecting to the mail server.. never the phone.

So, for my part, I can't trust this kind of applications, which are not using the standard way. I will contact the developers to see why these external accesses.. If they respond I will explain!

Maybe the application which are doing external accesses are not bad, but sorry I can't trust this. Nothing can prove me all my personal data is not used for something else (commercial?), and removed when I remove the app.

When you think an app like Mail.ru is used by 10 Millions users and more...



This is the best advice I can tell: always be careful with applications you're using.