Email - which apps keep it private

[Crashdamage]

Update: Mailbox by Dropbox will be shut down on Feb. 26th, 2016. If you still use Mailbox it's time to change email clients. IDK details about how you can transfer your accounts, email, etc.

https://www.mailboxapp.com/

EDIT: Mailbox (Dropbox) just sent a 'Goodbye' email saying to check out this for help transtionting to another email client:

http://www.mailboxapp.com/faq

 

[AZgl1500]

I suggest you migrate over to AquaMail.

I was a died in the wool BlueMail ala TypeMail user until I learned about Aqua Mail.
Flexibility is great, and handles multiple accounts with aplomb.

* Aqua Mail - email app - Android Apps on Google Play

 

[Crashdamage]

Update: Some rewriting and minor additional explanation. Gave the test site Email Privacy Tester a more prominent position in the hope more people will find and use it.

 

[kaktux]

it would be great if you could test katmail and solmail - as those are the only ones I am missing in that list + i consider in using.

I just asked this question in a german android forum right before i found this thread. I will post a link pointing here if you don't mind

 

[funpig]

What is your assessment of the Yahoo mail client app?

I always figured if I use a Yahoo (or whatever internet) email address, it would make sense to use the associated email client app.

 

[Hadron]

Funnily I make the opposite assumption: I figure that if it has pop3 or imap access then it's a generic protocol and I can use whichever email app I like best and that there's no inherent advantage to using the provider's own app.

 

[Crashdamage]

Update: Added Solmail and Yahoo Mail per requests. I was unable to find Katmail in the Play store. Maybe you can supply a link?

Both Yahoo Mail and Solmail do the usual collecting and sharing certain information for targeted ads, etc to 'enhance to the user experience' no doubt. However, I give credit to Solmail for taking a more serious approach to security. See their privacy statement and website for details.

 

[StRanger]

I always figured if I use a Yahoo (or whatever internet) email address, it would make sense to use the associated email client app.

Some (most?) of those providers would like you to use their apps (Google, Yahoo, MS), as that gives them more information about your e-mail usage (And you remember that you are the product for those companies that offer free services). A few others are just providing you an app to provide the visibility of the all-around service with that e-mail account.
While, using the "native" app can in some cases provide some advantage (I am aware of only Gmail app), - as it might be using the proprietary protocol for connection, as in case of Gmail. And there is very little harm in the sense of privacy: Google already know the content of your e-mails from the Gmail account. But in most cases "3rd-party" mail apps can offer your more features and options.
But, when you are using several e-mail accounts besides the one from the free e-mail provider (Google, Yahoo, etc.), by using 3rd party apps you do not give access to Google to the content of your other mail (which would've happened if you used, say, Gmail app for accessing your other e-mail accounts).

Funnily I make the opposite assumption: I figure that if it has pop3 or imap access then it's a generic protocol and I can use whichever email app I like best and that there's no inherent advantage to using the provider's own app.

That's correct logic, and that's how it should be.
In reality, every so often, some of those "free" e-mail providers break something in their implementation of the IMAP or pop3 standards, but their customer support is quick to blame the 3rd party software for not working properly. It gets resolved in the end, but you have to be patient while waiting (and hearing BS from their tech-support), - and avoid the temptation to blame the 3rd party app.
Besides, Gmail that wants to lock you in into their eco-system, uses the scary language: "You are connecting using insecure method" (when you are using a standard IMAP connection as opposed to their own app, or the "Oauth" method of authentication). Also, if you are not using their app. Gmail doesn't let you log in from an IP that it considers impossible for your to use, e.g. if it resolves it to be located in a different geography compared to where it expects you. I've recently had a problem while connecting from Aquamail using JetBlue's in-flight Wi-Fi service. I had to log-in via web-interface first to pacify Gmail's "guard".
Despite all of this, I still think that for most situations, a good 3rd party e-mail app (i.e. with a good privacy and security, like Aquamail) is best to use.

 

[kaktux]

sorry -
actually katmail ist how it is spelled - my bad.
It has a not-so-memorable name when written down: K-@ Mail
There are a free and a non-free pro version in play store. If i understand right it is based on K9.
Homepage is http://1gravity.com/

 

[Crashdamage]

Excellent post by StRanger. I agree with what he said and he said it well. He gets email and why AquaMail is so secure, even though it does not yet include PGP encryption. But that's another discussion with legitimate arguments for and against. I would probably never use it. A topic for another day maybe...

 

[Crashdamage]

Update!

Added K-@ Mail per request. Unable to find a privacy statement. But it does not appear to be cloud-based, it includes PGP encryption for those who value it, and it makes no mention of any data mining or sharing.

I wasn't sure how I should rate this. I decided to kinda take the developer's word and rated it 'Secure' but with 3 stars.

Remember, I do not install and test the email clients listed. I HIGHLY recommend installing any client you are considering and testing it at:

https://emailprivacytester.com

 

[AZgl1500]

What is your assessment of the Yahoo mail client app?

I always figured if I use a Yahoo (or whatever internet) email address, it would make sense to use the associated email client app.

Funnily I make the opposite assumption: I figure that if it has pop3 or imap access then it's a generic protocol and I can use whichever email app I like best and that there's no inherent advantage to using the provider's own app.

and I totally agree, I do not Like Yahoo's email app at all.
Aqua Mail totally blows it out of the water.

* Aqua Mail - email app - Android Apps on Google Play

I have Aqua Mail bringing in email from 4 different accounts.
You can have them on show up in one Smart Inbox, or not. Your choice.

On Yahoo's email, Aqua Mail will open up the folders where I keep emails from different contacts.... Some of those are legal documents from my Lawyer that I don't want to ever loose.

 

[Applebegone]

Thank you so much Crashdamage. I'm a 66 year old technotard who has been using IPhones for a long time. Recently decided to buy a Nexus 6p and switch to Android (for several good reasons, I think). The email adjustment was immediately confusing. I couldn't figure out why the only mail icon was for GMail. My law firm uses Outlook, and I have personal GMail, Yahoo and another Outlook (Hotmail) accounts. Our in-house IT guy is unfamiliar with Android since everyone here uses either IPhones or Blackberrys, so he's been little help. What I miss from IOS mail is seeing a convenient list of my accounts all in a row, showing the number of new emails in each account and being able to easily switch back and forth between accounts. But security of my office email is even more important than those convenience features, so I'm so glad to have found your posts. Another problem I've had with email on my 6p is long delays in loading emails. That issue seems to have resolved itself, and I hope it's not a day to day kind of thing.

Sounds like Aqua Mail will address my convenience needs while preserving the security and privacy of my email accounts. I'm running it by our in-house IT guy and then plan to give it a go. Thanks again for the work you do here.

 

[Crashdamage]

You're very welcome. And thanks for the kind words! Hope your Android makes you smile every day. The 6P should, it's a fine phone. You can't go wrong with a Nexus.

And welcome to the forums!

 

[kaktux]

K 9 needs to get one star - the only open source - and as there is no firm - only everyone who wants to behind.
WHAT website do you actually search for the agreement?
As on google play the website provided is github - which is a repositry where you can get the source code.

btw - this is also the app recommended by projects like the guardian: https://guardianproject.info/apps/
Having access to the source code makes it even "zero" stars - if you want my opinion. You can't get more security than beeing able into looking everything yourself or even creating the app yourself from the openly available source code.

btw. on the other hand another one with a shiny page - but no info about security etc.
https://play.google.com/store/apps/details?id=com.wemail&hl=en

 

[StRanger]

I suspect that in the absence of any other policy document, this one can be considered as such ("License" portion) for K-9:
https://github.com/k9mail/k-9/blob/master/README.md
It doesn't say anything about privacy.

... open source - and as there is no firm - only everyone who wants to behind.

I just wanted to point out that "open source" does not automatically mean that there is no collection of information or no storage of messages/passwords in the cloud.

(BTW, even if you checked the entire source code and can vouch that it doesn't do that, - are you sure that the binaries distributed via Google Play Store and Amazon Appstore are exactly the same as what you'd compile from the source? )

The absence of the privacy statement in such a case can mean either that nobody cares to make one, or nobody wants to (because nobody wants to take the responsibility for what is happening). Or, in general, it can mean that people responsible for the project are clueless about importance of the privacy. And cluelessness can be worse than a well-specified privacy policy that infringes your privacy in some way (like that of Google).

By the text above, I am not implying anything about K-9 or its team. My comment is only about the argument that "if open source, everything must be good".

 

[mikedt]

I suspect that in the absence of any other policy document, this one can be considered as such ("License" portion) for K-9:
https://github.com/k9mail/k-9/blob/master/README.md
It doesn't say anything about privacy.



I just wanted to point out that "open source" does not automatically mean that there is no collection of information or no storage of messages/passwords in the cloud.

(BTW, even if you checked the entire source code and can vouch that it doesn't do that, - are you sure that the binaries distributed via Google Play Store and Amazon Appstore are exactly the same as what you'd compile from the source? )

The absence of the privacy statement in such a case can mean either that nobody cares to make one, or nobody wants to (because nobody wants to take the responsibility for what is happening).

Yup, that's right. And in fact much open source software includes the following disclaimer from the GPL.
"This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
So basically it's the user's responsibility.

 

[zuben el genub]

If you try to set up Gmail as an IMAP in Aquamail service on Marshmallow, it wants to scan all your Aquamail accounts. I got a box requesting said permission a couple of times and clicked deny.

If you don't give it permission, you don't get IMAP. Gmail is now disabled on phone. I'll use IMAP in Fossamail on the computer.

 

[electricpete]

....Or you could put all your email accounts into your gmail app.

I see access to email as among the most sensitive permissions I cam give on my phone (even though it's not labeled as such).

Google/Alphabet is a 500 Billion company whose existence relies to a large extent upon user trust. They are NOT going to intentionally or unintentionally abuse your email's private data in any way that is detrimental to the you, the user. It wouldn't be in their own best interest to do so. (and no, supplying targeted ads instead of random ads is not detrimental)

You might say the same thing about a tiny startup company, but they have a lot less at stake, and a lot less expertise to draw upon in keeping data safe, even if they are completely honest. And of course if you're already using a gmail address for your important correspondence, Google already has everything in it..using an app by any other company is probably not can going to help security for that content.

And then there are the rankings of this thread. They rely primarily upon statements from the company itself... that's useful but also a little bit circular if you're evaluating trustworthiness.

Am I "giving up" any convenience/features to use Gmail (which I consider more trustworthy)? Not from my perspective - it's the best around imo. Through tools like labels, filters, and scripts gmail is extremely powerful. There is also coordination with desktop client and integration with related Google services.

For me it's an easy decision to use gmail. Others see it differently, I have no problem with that....to each his own. I will continue to interject from time to time when gmail is mentioned.

 

[AZgl1500]

Once upon a time, I abhorred Gmail.... it was clumsy and nearly useless....

Now though, it has been vastly refined, and I use it for important stuff.

 

[Crashdamage]

OK, time to catch up...

K 9 needs to get one star - the only open source - and as there is no firm - only everyone who wants to behind.

I Agree. Things sometimes change for the better. K-9 now sports a shiny new 1-star rating. They added a good privacy statement {hard to find} which I have linked, plus added some other reassuring words on their website.

WHAT website do you actually search for the agreement?

Only official company websites.

btw - this is also the app recommended by projects like the guardian: https://guardianproject.info/apps/

As far as I know they have no Android email clients in development,

Having access to the source code makes it even "zero" stars - if you want my opinion. You can't get more security than beeing able into looking everything yourself or even creating the app yourself from the openly available source code.

But you have to take time to look and know what you're looking for.

If you try to set up Gmail as an IMAP in Aquamail service on Marshmallow, it wants to scan all your Aquamail accounts. I got a box requesting said permission a couple of times and clicked deny.

If you don't give it permission, you don't get IMAP. Gmail is now disabled on phone. I'll use IMAP in Fossamail on the computer.

Of course if you deny it permission you on't get IMAP, YOU just told it not to. And it will check only what you tell it to. AquaMail can be fine-tuned to check only certain accounts, only certain folders within accounts, with lots of timing and notification options - almost anything you could want,

@electricpete: Keep in mind the purpose I started this for. Not to show Gmail or Yahoo or whoever and their free services and apps are bad for privacy, that's a given. It is intended to reveal what additional Bad Things could be happening to your email you're completely unaware of and not agreeing to.

Many users might not care,they just like an app and will keep using it no matter what. Others will take it seriously, and that's good. But why I really started this list is for is people and businesses with private domains, so they can be reasonably assured no funny business is being done by bad actor email clients to private email they pay a premium to keep private.[/quote]

 

[electricpete]

@e;ectricpete: Keep in mind the purpose I started this for. Not to show Gmail or Yahoo or whoever and their free services and apps are bad for privacy, that's a given. It is intended to reveal what additional Bad Things could be happening to your email you're completely unaware of and not agreeing to.

I think we've hashed out our views already so not much point in repeating. We'll have to agree to disagree. My post was directed to zuben and not as a criticism of your thread but as a suggestion for his consideration.

 

[Crashdamage]

@elecrticpete: I thought we pretty much agreed. Just curious what we're supposed to disagree about.

I'm well aware of the limitations of my little project. It would take many more hours of work and extensive testing to make it as good as I would like it to be. But it's what I've managed to do.

I put it out because I couldn't find much else like it and I figured it was better than nothing.

 

[cdl]

From what I understand, with Google'd idiotic implementation of its Doze functionality, push email will no longer work when the phone is in doze, unless the email client uses GCM (google cloud messaging) and sends high priority GCM notifications, which are the only thing which can cause a device to exit doze mode. Since Doze cannot be disabled on non-rooted devices, it means Google is forcing us to use its own cloud messaging system to get proper push email. Don't want Google to store the password to your email? Tough luck...
With respect to the original topic, all of this means that clients which do not sore our information, like k9, no longer have proper push; if you want that, you must give up your privacy and accept a GCM email system.

Or am I missing system?

 

[codesplice]

From what I understand, with Google'd idiotic implementation of its Doze functionality, push email will no longer work when the phone is in doze, unless the email client uses GCM (google cloud messaging) and sends high priority GCM notifications, which are the only thing which can cause a device to exit doze mode. Since Doze cannot be disabled on non-rooted devices, it means Google is forcing us to use its own cloud messaging system to get proper push email. Don't want Google to store the password to your email? Tough luck...

The user also has full control to be able to exclude certain apps (like their mail client of choice) from being "Dozed". This does not require root or any other system modifications.

On my 6P, I can do this via Settings > Apps > (settings gear) > Battery optimization. Tap the "Not Optimized" dropdown -> All apps. You can then pick any non-optimized apps and sent them to "Don't optimize".

It's a funny way to word it, but that's exactly what it does.