1. Are you ready for the Galaxy S20? Here is everything we know so far!

General Email - which apps keep it private

Discussion in 'Android Apps & Games' started by Crashdamage, Aug 10, 2015.

  1. Feonor

    Feonor Lurker

    I think is a real concern about blue mail (also type mail is the same app)


    patrickdrd likes this.
  2. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    Blue Mail's privacy policy is quite clear about their use of analytics, which is offputting. The latest Aquamail does include an option to turn off analytics, though it would have been better to add this at the same time that they were added (and better yet not to add them).

    I also much prefer a client which is retrieving mail directly from the provider to my phone, rather than storing it in some other company's cloud server, which is what Blue Mail does. That is actually the reason I've never used Blue Mail.
  3. Feonor

    Feonor Lurker

    Which one is your favorite app now?
  4. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    I have mainly used Aquamail the last couple of years, but with their purchase by Mobisystems I'm keeping that under review. I have of course got a copy of the last version from before the acquisition, which you can download from their website, so there's always the option of just installing that and not updating again (as I did with QuickPic when it was bought by Cheetah Mobile).

    I have used MailDroid Pro as well, so can always switch to that (it seems more tablet-friendly than I remember it being a year or so ago, so I've got it on my tablet in addition to Aquamail at the moment). The venerable K9 is also an option, works fine though a bit aethetically challenged. But I've not made a proper survey recently, so there may be options I'm missing. Aquamail does what I want just fine, just that it's now owned by a company who I don't particularly trust which means I'm unsure where it will go in future.

    Of course I've also got ProtonMail for when I want it to be more private ;)
    #104 Hadron, Feb 12, 2017
    Last edited: Feb 12, 2017
    dan55 likes this.
  5. Feonor

    Feonor Lurker

    I think maildroid also have analytics and I think you can't disable it, as you can do it in aquamail.

    K-9 must be the best in privacy now.

    Aquamail is the best app but mobisystems...
  6. slappyx

    slappyx Lurker

    Just signed up to offer some additional results after my testing, cheers to op for the post was very helpful.

    So being forced to upgrade my phone as my now 4 year old phone has had its last drop I'm using the latest version of Cyanogen for my device.

    I was initially going to test 3 apps listed in here: K9, Aquamail and boxer (as i've read its now the default for cm firmware); But after seeing the wall of permissions for Aqua and reading @Hadron 's post above about a new takeover, i decided too drop that one;

    I set up a new email account on my server specifically for this test so no tarring the results etc and installed and setup k9 and boxer to this account using pop; I used the privacy email tester, mentioned above I believe (or here), and then ran a packet capture app on my device.

    So i found that K9 is (generally) privacy safe in terms of opening the email & boxer only red flagged on link prefetch, which then changed when downloading remote content / showing pictures! Both had several red flags from the privacy checker, K9 having the most this time?? (listed below)

    In both cases the IP shown was the one for my device meaning remote data doesn't go via any "external company" servers. I cant say the same for fetching of the email as i have been unable to get hold of the email access logs, I will post back if my hosting company gets back to me.

    I then ran the packet capture app on my device whilst checking and sending emails. Looking at the logs tells me that K9 only ever connected to my servers IP and nowhere else which is great imo. Unfortunately not for boxer: I had more than one extra IP address in the logs. They resolved to: amazonaws.com, sl-reverse.com & a blank entry;

    So far i've decided to stick with K9 & see how the interface goes. Apologies for the length of the post, i didn't have time to write a shorter one.


    Object tag - data
    CSS background-image
    CSS content
    Audio tag
    Object tag - Flash
    Video MP4
    Video tag
    Video poster
    Image Submit Button
    Link Prefetch
    Image tag
    CSS link tag
    Iframe tag

    CSS content
    Image tag
    Object tag - data
    Image Submit Button
    CSS background-image

    I realise K9 has more Red Flags on remote loading but this to me is a secondary issue after the ip issue. I rarely click on show remote content within emails, let alone open spam; So i am the one who controls this privacy whereas i have no control over what is sent to the ips logged in the packets;
    zuben el genub and El Presidente like this.
  7. El Presidente

    El Presidente Beware The Milky Pirate!
    VIP Member

    No need to apologise for the long post, the detailed run down is very much appreciated.
  8. Feonor

    Feonor Lurker

    Really interesting, but IMO k-9 is far from aquamail in terms of UI. Privacy in aquamail isn't a concern for now, but we don't know what will happen in the future.
  9. maildroiddev

    maildroiddev Well-Known Member

    MailDroid does not have analytics. This is not true. It does have ads
    El Presidente and Hadron like this.
  10. maildroiddev

    maildroiddev Well-Known Member

    Since I was asked in an email about the unroll.me situation and how email apps keep it private, I will point this out. Most top email app lists fail to look at the details on the apps. It also does not consider some of the oldest and most feature rich apps in the Play Store such as K9 and MailDroid. Both these two apps also support PGP (MailDroid supports sMIME as well) to encrypt your emails when sending.

    1. BlueMail and TypeMail are the same company and they both make money somehow. They have their own server which your mail passes through. Do they mine data like unroll.me did? The Terms Of Service they have is very unclear. I am not saying they do, but articles like this dated back in 2014 (http://www.sklar.com/2014/10/14/blue-mail/), is it a sister company of https://www.bluemailmedia.com/ which does marketing and promotion? I can not say for sure that any of this is true, do you own investigation. Look at their TOS (https://bluemail.me/tos/) and if it is acceptable, use them, they make a very good app.

    2. Outlook is owned by Microsoft, Yahoo Mail by Yahoo, Alto by AOL, Inbox by Google, myMail by Mail.ru. Most of these companies likely don't mine your data, but you may get solicited somehow to join their sites. I think Yahoo shows ads and myMail may also show ads, so this is the revenue model.

    3. Newton Mail charges a $50 a year subscription after 14 days. Their revenue model is now clear (it used to be not clear).

    4. Proton Mail is a good provider which likely falls in the category of ones that don't sell your data. They have end to end encryption which costs per year.

    5. AquaMail was bought by Mobi who is known to have shady practices. Before Mobi bought them, I would have agreed with earlier comments that this was a client that was respected, now I can't say that.

    Make sure everyone knows all the details so they can decide on a commercialized mail client vs a mail client like K9 or MailDroid which both have no servers and no tracking (K9 is open source and free and MailDroid is ad based or pay for no ads). They are both well tested and have been on the play store since Android version 1.5

    Again, do your own research into this. It could very well be that all these companies have a different revenue model and they are all legit, but you need to look.
    codesplice, Hadron and cdl like this.
  11. spocko

    spocko Well-Known Member

    I just noticed that MailDroid Pro is on currently sale for $4.49 instead of the usual $6.99 on the Play Store in the US.

    I have no affiliation with them, just sharing the info. MailDroid does seem to be one of the only full-featured and well-supported email clients that can be trusted to "keep it private".
  12. pacman10

    pacman10 Newbie

    You write "AquaMail was bought by Mobi who is known to have shady practices.". What exactly are these shady practices ? I'm considering installing Aqua-Mail and need to know what to look out for.
    sweetndreemy73 likes this.
  13. phayes72

    phayes72 Lurker

    I got this response from Blue Mail...

    Our push service and sync require servers, which are hosted securely on Amazon AWS.

    Below are our basic principles:

    1. Our app does not store any of your emails on its servers. This is different from most cloud solutions, including Microsoft Outlook for mobile, as far as we are aware.

    2. Our app connects to your email provider with secured and encrypted protocols and when applicable, both to send and receive emails from the client directly.

    3. When using instant push mode for notifications over IMAP and EWS protocols, our servers notify the app about new email, which in turn directly fetches the email from your own provider. This process requires your credentials, which are stored securely on our servers, and are used for this sole purpose only. You can disable push mode (by changing to fetch or manual mode), which does not require your credentials on our servers, and can be taken as an extra security step. Please note that accounts that use OAuth do not require your password, but use a token.

    4. For POP3 and ActiveSync (EAS) accounts, there is no token or passwords used at all.

    5. For Gmail, Outlook and Yahoo, we have implemented OAuth 2.0, where we at no time, have access to the account password (not even the app on the device). More about OAuth: https://oauth.net/2

    We primarily care about the security of our users, and therefore keep updating to the latest secured protocols and methods.
    El Presidente likes this.
  14. maildroiddev

    maildroiddev Well-Known Member

    Considering they just pushed in code to have ads all over aqua mail and did not let people know and did not even tell them about a changed privacy policy...that is a start.
  15. maildroiddev

    maildroiddev Well-Known Member

    So the main question still remains, how do they make money? They have a huge team supporting the app, they need to make money somehow ;-) No one is doing this for free and working there just for the fun of it.
    phayes72 likes this.
  16. jayanda

    jayanda Lurker

    I got here by clicking on the first page of this thread in a web search. I looked at Blue Mail...has anyone noticed that their privacy policy states that they collect information from your browser about which web pages you visit....To improve their service ...Really??? So difficult, I am discovering, to find a truly private and secure mail client for android. Am looking into 'Mail' which used to be called EasilyDo on iphone. Anyone here have anything to say about them?
  17. maildroiddev

    maildroiddev Well-Known Member

    EasilyDo came out a year or two after MailDroid was released and did not do well. I know they rebranded, but don't know much about their revenue process at this point. Again, a company with developers will need to pay those developers somehow. K9 is open source and free and MailDroid has ads and a pay version...these are the only 2 that don't have servers, don't have a huge development team that needs to be paid a lot and have been around a while with loyal users (and no major advertising).
    codesplice likes this.
  18. zuben el genub

    zuben el genub Extreme Android User

    No ads so far in the paid version. I bought Aquamail years ago. It doesn't even pick up the spam that comes with GMX mail.
  19. phayes72

    phayes72 Lurker

    And who are they? Private WHOIS info, no location or owner information on their website... red flags for me.
  20. StRanger

    StRanger Lurker

    While the question about business model is legitimate in this case, I would argue with the last statement in your post: Some people do it "for the fun of it".
    Just one example: https://play.google.com/store/apps/developer?id=SECUSO+Research+Group

    As for Blue Mail, there is a phrase in the privacy policy that concerns me as well (and has not been mentioned yet):
    "Some of the information Blue Mail uses to communicate with your device – like its IP address – can be used to approximate the device’s location. This information may be used to administer, analyze and improve Blue Mail."
    In view of the other information about what they do, my question is: how exactly are they collecting IP address(es) of my device and how are they using location information? Are they analyzing that for each message, or do they continuously poll my IP?
    Or, maybe it is about the access to their website via browser?​
    #120 StRanger, Sep 29, 2017
    Last edited: Sep 29, 2017
  21. mikedt

    mikedt 你好

    On their website....1540 Market Street, San Francisco CA 94102

    Anyone in SF want to check it out?
  22. StRanger

    StRanger Lurker

    Privacy in Whois is done by many small companies, - this reduces spam: There are web-scrapers who collect e-mail addresses (as well as snail mail and phone numbers) and sell them to spammers. The only reason I am not using private registration for the domains I own is that I am not willing to pay extra fee for that.

    As for the street address in question, it is "Anchor", shared office space: https://www.yelp.com/biz/anchor-san-francisco
    #122 StRanger, Sep 29, 2017
    Last edited: Sep 29, 2017
  23. jayanda

    jayanda Lurker

    Thanks for that info:). Do either of these clients give the option to access app with a p/w, encrypt mail on the device, and delete emeils from webmail inbox on a mail-by- mail basis?
  24. Hadron

    Hadron Smoke me a kipper...
    VIP Member

    That sounds exactly like ProtonMail, except that app does those things for a ProtonMail account rather than for any webmail service of your choice.

    I know that MailDroid has a password protection option and supports an encryption plugin, but have not used either so can't say more. It certainly allows you to delete mails as requested (long press mail in list to select, then select whichever others you want, then delete) and you can set it to delete from server when you delete from device, so that box is ticked.

    I've not used K9 for a few years, so can't answer for that one.
  25. maildroiddev

    maildroiddev Well-Known Member

    Yup, as was noted, MailDroid supports basic password and oAuth2, as well as PGP and sMIME.
    Hadron likes this.
Similar Threads - Email apps keep
  1. veniceboy
  2. Shridhar Metraskar
  3. markdoc
  4. roger android
  5. johnbil
  6. Bob Hawkins
  7. 1lostyankee
  8. MoodyBlues
  9. Deelynde
  10. jbcorlfl

Share This Page