Password and Account Security When Using Third Party Email and Calendar Apps

Apr 13, 2017
Hi All,

I've always wondered... if you use a 3rd party email program, like Mozilla Thunderbird, or the Mail app in iOS, and you type in to it your Gmail account and password, doesn't that basically give that company total access to your email account? Couldn't Apple or Mozilla then technically read all your emails and stuff like that?

Same question for 3rd party calendar apps. Anything that syncs with your Gmail account and calendar.

I know many people do this, and it appears safe, but it always felt not safe somehow.

Any insights will be appreciated!
Thanks
 
Solution
Unfortunately, not really. You're always going to be trusting them at least a little - even if they couldn't send your password, they could still send everything in your inbox, or send an email you didn't tell them to...

OAuth2 tries to reduce the danger a little - the app directs you to an e.g. Google webpage, you enter your password there, then Google sends a token back to the app. But the page can still be forged, and the app can usually still do a lot with the token.

There is also the possibility of e.g. iOS capturing everything you enter with the keyboard (including passwords), and sending it back to Apple.
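To make the OAuth2 point in the answer above concrete, here is an added toy model of the authorization-code flow. It is not code from the thread and not Google's real API: the provider is a class, there is no network, and the scope names, client id and redirect value are assumptions. It shows what the answer means by the app doing "a lot with the token": the app never holds the password, a read-only token cannot send mail or change the password, a code cannot be replayed, and revoking the token from the account cuts the app off. The forged-page risk the answer mentions is only partly modelled (the provider refuses a redirect that does not match the client's registration); a lookalike login page that collects the password itself is outside what this model can catch.

```python
"""Toy model of the OAuth2 authorization-code flow (constructed example).
No network; the provider is a class; scope strings, client id and
redirect value are assumptions, not a real provider's API."""
import secrets

SCOPE_READ = "mail.readonly"   # assumed scope names
SCOPE_SEND = "mail.send"


class Provider:
    """Stands in for the mail provider: keeps passwords and mailboxes,
    issues scoped tokens, and checks the scope on every call."""

    def __init__(self):
        self._passwords = {}   # user -> password; never handed to any app
        self._inbox = {}       # user -> list of messages
        self._sent = {}
        self._clients = {}     # client_id -> registered redirect_uri
        self._codes = {}       # one-time code -> (user, client_id, scopes)
        self._tokens = {}      # token -> (user, client_id, scopes)

    def register_user(self, user, password, inbox):
        self._passwords[user] = password
        self._inbox[user], self._sent[user] = list(inbox), []

    def register_client(self, client_id, redirect_uri):
        self._clients[client_id] = redirect_uri

    def authorize(self, user, password, client_id, redirect_uri, scopes):
        """The provider's own login page: the user types the password here.
        A redirect that does not match the registration is refused."""
        if self._clients.get(client_id) != redirect_uri:
            raise PermissionError("redirect_uri does not match registration")
        if self._passwords.get(user) != password:
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self._codes[code] = (user, client_id, frozenset(scopes))
        return code

    def exchange_code(self, code, client_id):
        """Token endpoint: the code is single-use and bound to one client."""
        if code not in self._codes:
            raise PermissionError("unknown or already-used code")
        user, issued_to, scopes = self._codes.pop(code)
        if issued_to != client_id:
            raise PermissionError("code was issued to another client")
        token = secrets.token_urlsafe(24)
        self._tokens[token] = (user, client_id, scopes)
        return token

    def revoke(self, token):
        """What the user does from the account's connected-apps page."""
        self._tokens.pop(token, None)

    def _check(self, token, scope):
        if token not in self._tokens:
            raise PermissionError("token revoked or unknown")
        user, _, scopes = self._tokens[token]
        if scope not in scopes:
            raise PermissionError(f"token lacks scope {scope}")
        return user

    def read_inbox(self, token):
        return list(self._inbox[self._check(token, SCOPE_READ)])

    def send_mail(self, token, message):
        self._sent[self._check(token, SCOPE_SEND)].append(message)

    def change_password(self, user, old, new):
        """No scope grants this; a token holder cannot lock the owner out."""
        if self._passwords.get(user) != old:
            raise PermissionError("bad credentials")
        self._passwords[user] = new


class MailApp:
    """Third-party client: it never sees the password, only the token."""
    CLIENT_ID, REDIRECT = "example-mail-app", "app://callback"  # assumed values

    def __init__(self, provider):
        self.provider, self.token = provider, None

    def receive_code(self, code):
        self.token = self.provider.exchange_code(code, self.CLIENT_ID)

    def attempt(self, action, *args):
        """Try a provider call and report whether the token allowed it."""
        try:
            action(self.token, *args)
            return True
        except PermissionError:
            return False


def demo():
    """Walk one user through the flow and record what the app can do."""
    provider = Provider()
    provider.register_user("alice", "hunter2", ["Hi Alice", "Invoice #1"])  # constructed
    provider.register_client(MailApp.CLIENT_ID, MailApp.REDIRECT)
    app, results = MailApp(provider), {}

    # A consent request whose redirect points elsewhere is refused.
    try:
        provider.authorize("alice", "hunter2", MailApp.CLIENT_ID, "other://elsewhere", [SCOPE_READ])
        results["mismatched_redirect_rejected"] = False
    except PermissionError:
        results["mismatched_redirect_rejected"] = True

    # Alice logs in at the provider and grants read-only access; the app gets only a code.
    code = provider.authorize("alice", "hunter2", MailApp.CLIENT_ID, MailApp.REDIRECT, [SCOPE_READ])
    app.receive_code(code)
    results["can_read"] = app.attempt(provider.read_inbox)
    results["can_send"] = app.attempt(provider.send_mail, "message the user never asked for")
    results["inbox"] = provider.read_inbox(app.token)
    results["code_replay_rejected"] = not app.attempt(lambda _t: provider.exchange_code(code, MailApp.CLIENT_ID))

    # Revoking from the account page cuts the app off without a password change.
    provider.revoke(app.token)
    results["reads_after_revoke"] = app.attempt(provider.read_inbox)
    return results
```

Running `demo()` gives a dictionary in which `can_read` is true, `can_send`, `reads_after_revoke` are false, and the two `*_rejected` flags are true. The defender's takeaway is the one the answer hints at: when an app asks for OAuth access, the scopes on the consent page are the real limit on what it can do, and the connected-apps page is where that access is taken away again.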
Your password shouldn't be sent to Mozilla just because you type it into Thunderbird - Thunderbird runs on your PC, and would have to be specifically programmed to send the password back to Mozilla.

In fact, because Thunderbird is open source, you can actually check that this isn't the case.
 

USAFRet



No.
The conversation exists between the mail client on your PC and gmail. Mozilla does not enter into it.
And this is HTTPS. Encrypted.
 
Apr 13, 2017


Thank you. How about non open-source ones? Like what about Apple on the iPhone? Or other 3rd party apps that ask for your Gmail login? I know you can't vouch for all their security systems, but is it possible that these would send your user name and password back to the parent company? And they could then log into your account and gather data or read your emails?
