Mailbox for iOS is “security fail”

Subhransu Behera, and app developer, claims to have stumbled upon several major security flaws within popular iOS email client Mailbox.

Mailbox was rolled out over the last 2 months, with potential customers waiting in line for the client, recently however Mailbox’s waiting in line feature was scrapped, with developers confident in their servers ability to handle full demand.

Mailbox 1

Behera claims:

I love iOS apps and developers. And it’s the apps that I love [which] motivates me to write better code. However, Mailbox is an exception. I like the UX of this application but I dislike its data protection approach more. As a matter of fact, there’s no data protection at all.

Using iExplorer, a tool used to transfer media between iOS devices and PCs, Behera was able to access the apps Document and Library directories. Using this tool, a criminal could potentially extract your email contacts, as well as the content from your emails and even the attachments.

Whilst anyone seeking to gain this information would still need physical access to your device, these security flaws would make it very easy for someone with access to your unlocked phone to potentially lay eyes on sensitive information. The chances of this happening are obviously very slim, however if you use Mailbox to send sensitive information, then you may want to reconsider your choice of email client.


Via: 9to5 Mac

Tags: , , , , , , ,