Android Email Information Leak

Published @Sat, 6th Feb 2010
When you view an HTML email using Android's standard IMAP client, it loads certain remote content without warning. This potentially leaks information to the sender about when a message has been read, and the IP address it was read from.

Images in the HTML aren't fetched until you hit the "Show pictures" button, but the client does load remote content from the following two HTML tags as soon as you view the message, no matter what you do.

<link rel="stylesheet" type="text/css" href="http://tracker.example.com/web-bug?id=xxxxxxxxxx">

<iframe src="http://tracker.example.com/web-bug?id=xxxxxxxxxx"></iframe>
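As an added example (not code from the original post), here is a small Python audit that lists the elements in an HTML message body that would make a renderer fetch a remote URL. It covers the two tags above plus, as an assumed and non-exhaustive extension, a few other fetch-triggering tags; the sample message and the names used are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute whose URL a renderer may fetch. "link" and "iframe" are the
# tags named in the post; the others are an assumed, non-exhaustive extension.
# Every <link href> is flagged regardless of rel, which is deliberately conservative.
FETCH_ATTRS = {
    "link": "href", "iframe": "src", "img": "src", "frame": "src",
    "script": "src", "embed": "src", "object": "data",
}


class RemoteFetchAuditor(HTMLParser):
    """Collects (tag, url) pairs that point at a remote host."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = FETCH_ATTRS.get(tag)  # tag names arrive lower-cased
        if attr_name is None:
            return
        url = (dict(attrs).get(attr_name) or "").strip()
        parsed = urlparse(url)
        # Remote means a host is present: http(s)://host/... or scheme-relative
        # //host/... ; cid: and data: URLs carry no host and are not flagged.
        if parsed.netloc and parsed.scheme.lower() in ("", "http", "https"):
            self.findings.append((tag, url))


def remote_fetches(html_body):
    """Return every (tag, url) in html_body that would trigger a remote fetch."""
    auditor = RemoteFetchAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings


# Constructed sample message body using the two tags from the post.
SAMPLE = """<html><head>
<link rel="stylesheet" type="text/css" href="http://tracker.example.com/web-bug?id=xxxxxxxxxx">
</head><body>
<iframe src="http://tracker.example.com/web-bug?id=xxxxxxxxxx"></iframe>
<img src="cid:logo"><a href="http://example.com/">a plain link is not fetched</a>
</body></html>"""

if __name__ == "__main__":
    for tag, url in remote_fetches(SAMPLE):
        print(f"remote fetch on render: <{tag}> -> {url}")
```

A mail client or gateway can use a non-empty result to withhold or rewrite those elements until the user opts in, the same way the "Show pictures" button already gates images.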

I've previously found similar issues in other email clients:

Apple Mail Privacy Hole (Fixed for Apple Mail. Not fixed for iPhone)
DNS Prefetch Exposure on Thunderbird and Webmail (Fixed in some webmail clients. Not fixed in Thunderbird)

This bug has been reported to Google.

