Grepular

Android Email Information Leak

Written 15 years ago by Mike Cardwell

When you view a HTML email using Androids standard IMAP client, it loads certain remote content without warning. This potentially leaks information to the sender about when a message has been read, and the IP address it was read from.

Images in HTML aren’t fetched until you hit the “Show pictures” button, but it does load remote content from the following two HTML tags as soon as you view the message, no matter what you do.

<link rel="stylesheet" type="text/css" href="http://tracker.example.com/web-bug?id=xxxxxxxxxx">

<iframe src="http://tracker.example.com/web-bug?id=xxxxxxxxxx"></iframe>

I’ve previously found similar issues in other email clients:

Apple Mail Privacy Hole (Fixed for Apple Mail. Not fixed for iPhone)

DNS Prefetch Exposure on Thunderbird and Webmail (Fixed in some webmail clients. Not fixed in Thunderbird)

This bug has been reported to Google

Want to leave a tip?BitcoinMoneroZcashPaypalYou can follow this Blog using RSS or Mastodon. To read more, visit my blog index.