Mailbox app leaves contacts, email content and attachments exposed? (Updated)
Update: Subhransu Behera has drawn back his original hypothesis:
After posting this on HackerNews some developers / users feel my hypothesis is wrong and one can not repeat the steps below without having physical access to an user’s phone or locked devices. I agree to this. I also need to check for on which iOS version this is secure. Because as per as I remember, this is definitely doable in earlier version of iOS. But the original problem still remains same. These files are unencrypted and unprotected and one can copy your entire mail contents if he/she has access to your phone.
File Protection API won’t be enough to protect data for unlocked phones. For which one might require to encrypt documents or files with a key and the key being stored in some secure location.
I am building some concept apps to try out few things. Stay tuned …
App developer Subhransu Behera has described the popular iOS Mailbox app as ‘a security fail’ after discovering that it allows anyone with access to the phone to extract email contacts, content and attachments …
Expand
Expanding
Close