• kyub
    link
    fedilink
    arrow-up
    27
    arrow-down
    2
    ·
    edit-2
    2 months ago

    Just FYI I installed the apk from the github repo (not the google play version) via Obtainium a few days ago and it tried to make a connection to 2 cloudflare IPs during setup of my account. Without prior consent or any mention. So just be aware that there is still some form of telemetry or unwanted connections happening, even though they removed the telemetry flowing to Mozilla’s own telemetry endpoint. K-9 had zero of this, it just spoke with your mail servers and that was it. So be careful and block outgoing app connections by default. I did not analyze the data being sent, just that there were those 2 unwanted connectiins happening.

    • jonne@infosec.pub
      link
      fedilink
      arrow-up
      12
      ·
      2 months ago

      Isn’t this part of the auto configuration stuff? Basically there’s a standard where you can add some DNS records to your domain and/or a standard file on your website so e-mail clients can automatically prepopulate all the email settings so you only need to worry about entering your email and password.

      • ghen@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        2 months ago

        That might be it, Thunderbird works really well with auto configuration of domains that it doesn’t know but has DNS entries.