Edison Mail Bug Allows Access to Other Users’ Data

Eric Slivka:

Several users of popular email app Edison Mail this morning are reporting that they are able to see email accounts of other users within the iOS app. In what appears to be a major privacy breach, users report that after enabling a new sync feature, they have full access to these other email accounts.

Via Cabel Sasser:

All I wanted was a modern email client that downloaded directly from the server — like they have forever — with no risky middleman. The Edison privacy policy said “we store as little of your email on our servers as possible”.

[…]

What an interesting butterfly effect

Apple wants to preserve your battery life > email clients can’t check in the background > email clients set up servers to store credentials and check email to push notify you of new email > everyone’s email now exposed to huge security vector

Apple should lift this restriction on checking in the background. This would bring a better user experience and better privacy. Its own Mail app is allowed to do that, with apparently acceptable effects on battery life and RAM use. For many users, iOS devices already offer plenty of battery life, and some are operated while plugged in.

Edison (via John Gruber):

No account credentials were compromised; issue was fully resolved within 30 hours of first report by ‘bricking’ access to potentially impacted Edison iOS app users and any email messages from the app.

Kudos to them for a quick fix and for revealing the exact number of affected accounts.

Previously:

• Companies that Scrape Your E-mail
• BlueMail Rejected From the Mac App Store
• The App Developers Sifting Through Your Gmail
• Spark Mail Stores Credentials in Cloud

App Store Bug E-mail E-mail Client Edison Mail iOS iOS 13 iOS App iOS Multitasking MobileMail Privacy Syncing

Comments RSS · Twitter

Leave a Comment

Name

E-mail (will not be published)

Web site

Δ