The popular Mailbox app has a security flaw, according to Subrandu Behera (via 9to5mac), an app developer, as it allows everyone with access to the iPhone to extract email contacts, content and even attachments.
“I love iOS apps and developers. And it’s the apps that I love that motivate me to write better codes. However, Mailbox is an exception. I like the UX of this application, but I dislike its data-protection approach more. As a matter of fact, there’s no data protection at all,” Subrandu writes.
The developer was using iExplorer, a tool for transferring music, movies and playlist from iDevices to PCs and iTunes. In other words, anyone who has iExplorer and physical access to an iPhone can extract attachments, email content and contacts because all these files are unencrypted and unprotected.
“But, wait, it gives you more: It gives you access to an application’s Document and Library directories on your devices. These are the usual places where iOS developers store their database, plist files or other resource files, and [they] can be extracted to a system if [the] device is stolen. You don’t need to jailbreak the device.”
Subrandu Behera also highlighted how the Mailbox app can be improved: It’s all about adding a couple lines of codes to the iOS app. He points to the iOS SDK that gives developers a list of data-protection APIs for protecting sensitive information.