German security researcher Mike Kuketz has tested mail apps for Android. He found out that the apps Blue Mail and Type-App send the user's login data including the email passwords to the manufacturer's sites. Although both apps are said to have different developers, Kuketz found that the POST requests in both apps are nearly identical. This suggests that the same people are behind both apps. Bottom line: If you were or still are using one of those apps you should assume that your accounts are compromised. Consequently, you should alter your mail passwords as soon as possible! Kuketz recommends trustworthy open-source mail apps like K-9.
I don't know. Kuketz is right now testing various mail apps for Android, and, at least, the current versions are affected. According to a new blog post several other apps show the same behaviour!
This has always been a concern for me, when it comes to third party email apps for both PC and smartphones.
If you want good email apps for Android: Maildroid, K9, Nine, Outlook, GMail. That's just about it. I've been using Edison. It's OK... still looking into the security, don't trust it yet.
I'm only familiar witk K-9 and agree that it's a good solution. Regarding Outlook - see post #4 above.
check out Aquamail. Really good, open source and very privacy friendly. http://www.aqua-mail.com/?page_id=227
It's too bad K9 dropped support for ActiveSync. You can use AOSP email app which was included in older devices for ActiveSync tho.
Today with Play Protect it is more difficult to disregard privacy/security than in the past. I only have 2 permissions in Blue Mail,basically the ones that almost all my apps have. Even Avast AV has never flagged anything.
thanks for the info, rp. excerpt from the linked article (translated via google translate): https://www.privacy-handbuch.de/handbuch_70f.htm
Yup. Tutanota and Fairemail is what I'm using. I fail to see why anyone would ever use anything but Fairemail for IMAP.
So, technically, the ProtonMail app can only send Proton e-mail password to ProtonMail, right? I don't think that is the issue. OP post is about sending password from e-mail provider X to e-mail client provider Y.