If you are using eCrypt One on One (formerly Mobile Mail Privacy), do not use IMAP.
Thanks to a report into our support team, we identified an incompatibility that exists between IMAP and eCrypt One on One, that compromises the privacy of communications. The solution is to disable or turn off IMAP. But if you are a Gmail user, that can be difficult.
You see, it’s a known issue that if you disable IMAP on Gmail, it may enable itself randomly, without warning or your intervention. I am not sure if it is affecting all users or not, or what other factors play a part (wireless service provider? device model?) but it has affected every Gmail account I’ve tested.
So, what is the problem anyway? To explain that I must first explain a little about how the BlackBerry® smartphone handles email, and a little about how IMAP works. I’ll keep it as brief as possible. When you send an email using your BlackBerry® device to your friend (who also has a BlackBerry smartphone), your friend’s email server receives it, stores it, then sends a copy to the BlackBerry device. Your friend’s handheld downloads it, and your friend opens it. On reply, when your friend hits ‘send’, the device saves the trail with the reply intact. BUT, it transmits to the server for processing only the reply, not the whole email trail. Pretty smart, and efficient with the data transfer.
When your friend’s server receives the reply from the BlackBerry device, it attaches the rest of the email trail to the reply, and sends the whole kit-and-kaboodle your way. When you receive it, your server stores it, your device downloads it, and you open it. When you reply, your device saves the trail, transmits your reply to your server, your server supplements the rest of the trail, and off it goes to your friend. And so on and so forth.
The complications come with what protocol is used for synchronizing the information on your BlackBerry® handheld with your server (and consequently your email client like Outlook or Thunderbird): POP or IMAP.
In the case of POP (Post Office Protocol), the BlackBerry® device periodically synchronizes itself with the server, updating deleted items etc., but is limited in that your device acts more as a “dummy” to access your mail – you cannot file items, access folders, etc. BIS (BlackBerry Internet Service) almost only uses POP. For those on a BES (BlackBerry Enterprise Server) synchronization is complete and hassle free, and includes folder access, contacts and the calendar.
IMAP on the other hand, is a different sort of animal. While POP keeps a connection with the server brief, only for as long as it takes to download or upload a message, IMAP keeps the connection constant, updating the server with the state of information as it changes on the BlackBerry® device. So, if you open an email on your device, it is as though you are opening it on the server. If you delete an email, it’s deleted on the server in real time. And so on. This allows multiple users (or email clients) to access the same mailbox at the same time, and offers each user independently real time information, thus eliminating conflict.
The problem occurs when you combine the way the BlackBerry® device OS handles email, and the way IMAP updates the server with information from the BlackBerry device, in real time. When you use eCrypt One on One on your BlackBerry® device, and receive an encrypted email from a contact, just like with unencrypted emails, your server receives the encrypted email and stores the encrypted email in your Inbox. A copy of it is downloaded by your device, and you open it. On reply, when you hit send, the message closes, your reply is encrypted and transmitted to your server for further processing. The server adds the rest of the email trail, which is encrypted. If you have eCrypt One on One set to prompt you to decrypt emails, and where to open the sent item on your BlackBerry device, but select “No” to the decrypt prompt, scrolling through the email trail you would see that your reply is encrypted, but the remainder of the trail is not. That is because of how the BlackBerry OS handles outbound emails. But, if you were to check that same sent item in your Outlook, you would see that it is encrypted in it’s entirety.
That is how it should work, by design, and that it is how it works…except with IMAP. So, on your device the trail of the email you replied to is not re-encrypted after the reply is sent – that is a limitation imposed on third party developers by the BlackBerry® device OS. With IMAP the server pulls the message off the device to send, exactly the way it appears on your device. Instead of the server supplementing the reply with an encrypted original, it pulls the encrypted reply with the plaintext trail off the device and updates itself. In a way, it is “stealing” the decrypted email form the BlackBerry handheld. And so, your reply goes out encrypted, but the rest of the trail in plaintext. Ouch.
As already mentioned, with Gmail disabling IMAP seems to be futile – it may enable itself at random, you have no control. In the case of corporate email that has IMAP enabled, IT support can disable it. But they can also enable it at will, that is within their control. And therein lies the problem. In order to have true privacy, one must have control. In this case, IMAP takes away some of the control aspect, as does Gmail’s setting reset issue, and unencumbered IT control over mail infrastructures. One thing we must keep in mind is that control is not something you can have some of. You either have it, or you don’t.
So, as much as I like my Gmail, until they address their issue I am retiring my account to protect my privacy.
(The BlackBerry and RIM families of related marks, images and symbols are the exclusive properties and trademarks of Research In Motion Limited.)