Normally when working with a user's credentials, I would store them locally on a device, never on a server because it creates unnecessary liability.

For example, on iPhone we have

  • Mail (default)
  • Gmail by Google
  • Spark by Readdle

I spoke to Google Apps support today and they say that all authentication credentials when using their app are stored locally for their Gmail accounts. I am not sure how the Apple default mail client stores credentials; input would be appreciated! Spark, on the other hand, says that their “server needs to check and send emails from your email account for [some functions] to work. And to achieve this, we need to store your email account’s access token.” Full story here.

Now I am curious

  1. Do they really need to store my credentials on their server on iPhone? If so, is this due to iPhone only or would this be Android as well?
  2. I have two-factor enabled and an app password; is the app password what they would store? Is this my OAuth token in this case?
  3. This seems like a great degree of trust that I have to put into a 3rd party application and that their servers don't get hacked?

Thank you very much. If I did not post in the right group, I sincerely apologize. Please point me in the right direction and I will delete this post.

How do 3rd party mobile mail clients work?

2
  • SuperUser help center is clear such questions are off-topic here.
    – techraf
    Commented Aug 22, 2016 at 5:06
  • @techraf Okay, where should I ask then? It's a general information security question related to mobile authentication with OAuth. I couldn't find any on Stack Exchange.
    – JordanGS
    Commented Aug 22, 2016 at 13:42

1 Answer

0

This is not exactly an answer, but it looks like the question was cross-posted and there are answers here: https://security.stackexchange.com/questions/134627/3rd-party-mail-clients-on-iphone-android-and-credential-storage
