Is Mailbox App Secure?

Dave Zatz —  February 16, 2013


The new Mailbox app arrived to great fanfare, with promises to revolutionize the iPhone email experience by most efficiently managing messages and maintaining Inbox zero. However, unlike a typical email app, Mailbox is something more than a client that resides on your phone. Which is both a strength and a weakness.

On one hand, it allows the company Orchestra to do a variety of clever things on their server backend – such as redelivering messages one chooses to deal with at a later date (as pictured above). However, that effectively puts a startup between you and Gmail (which is the initial service they support). Now I don’t doubt their intentions and strategy to maintain user privacy, but security is hard. Real hard. And much larger companies with security teams or departments regularly fall victim to attack and compromise. And, as security expert Brian Krebs suggests, Mailbox becomes “another potential layer for failure” by entrusting them with our data.

I’m not certain most folks recognize Mailbox is effectively a man-in-the-middle. So consider this a PSA worth contemplation as you wait in line for access. Also a consideration for Gmail power users is the app’s inability to handle tags. As for me, my golden ticket arrived a day or so ago and, while I don’t have state secrets flowing through my Gmail and don’t effectively use tags, I’ve held off and will keep my faith solely in Google’s two-step authentication and servers. For now. What about you?

6 responses to Is Mailbox App Secure?

  1. I’m not sure what the big deal about Mailbox is. It only works with Gmail and from what I’ve seen Google’s Gmail client is very good (much better than Yahoo’s).

    I don’t get the huge demand for Mailbox. I bet if not for the waiting list to get in, it wouldn’t do as well. It makes people feel special for getting it.

    As for security, I don’t think I’d want a third party having access to my email.

  2. After a week with Mailbox I can’t imagine life without it. And regarding Gmail labels…you’re wrong. Just edit your existing labels (on Gmail web version) to nest them under [Mailbox]. I have over 20 labels and they all sync just fine. If you ever decide you don’t want Mailbox, just remember to move the labels back before you delete [mailbox].

  3. Thanks for the tag tips, Larry. Those more comfortable with Mailbox’s solution will appreciate them.

    And speaking of that comfort level, if my mail were hacked it’d be less of a problem for me than it would for the companies I blog about. Yet here I am considering doing the 23andme spit test which provides way more private personal intel I’d think and is potentially the sort of thing health insurance companies would want to get their hands on by any means necessary. Hm.

  4. Unfortunately there’s no way for third-party mail clients to offer push on iOS unless they act as a man in the middle, and if they don’t offer push they’re garbage. (e.g., Sparrow without jailbreak)

    Apple could easily fix this by allowing third-party mail clients to push. It’s not a technical limitation, as sparrow had a version using the VOIP push channel that worked fine. They simply won’t allow it.

    Why? Who knows, Apple won’t talk about it. Apple doesn’t discuss its appstore guidelines. Apple doesn’t compromise. Take it or leave it.

  5. I tried it for a week, decided it wasn’t for me. I keep my mailbox (gmail) very clean, and rarely have more than a few emails in there anyway.

    What finally made me quit using it was its tagging system. It is very invasive into your Gmail world, the same world that many of us have used since the beginning. I just didn’t trust that it wasn’t jerking around with my emails, as I found when I went back to the web interface the other day. It wasn’t pretty.

    If you can’t control your inbox, maybe it’s a solution, but I realized it was trying to solve a problem I didn’t have.

  6. Sparrow is still my favorite, but since Google bought them development has screeched to a halt (as expected).

    I wish Google would do one of two things:

    1) Bring push to Sparrow (if it had push it would be the absolute best hands down [in my opinion]).

    2) Port some of the Sparrow features into the gmail app (notably the inter-message scrolling, and the unified inbox).

    Please, Google, I beg of you. Fix either Sparrow or gmail so I can finally settle on one mail app that isn’t once and for all.