Review of Beta ProtonMail Android App

November 11, 2015

 

 

 

 

 

 

So we have all heard about the recent DDoS attack on ProtonMail over the last week or so, but that hasn’t stopped them cracking on with things.

Invite-BetaI have been with ProtonMail since I heard about them opening it up for a limited amount of people. I signed up straight away.

I like the idea of having an email service that actually delivers on the promise of privacy. This is something ProtonMail seem to be delivering on.
ProtonMails servers are hosted in Switzerland,  which is outside US and EU jurisdiction, and has very strong privacy laws (surveillance directives must be obtained through the courts and with no gaging powers targets must be notified, technical interception of electronic communications is only permitted with regards to ISP’s and not ‘mere’ Internet application providers, etc.)

This means the NSA and GCHQ are not going to get that data so easily, like the can with other large American hosted companies that offer email accounts. (this doesn’t mean they CAN’T get it, just means they need to work for it)

For all Free Accounts at present Protonmail offers:

  • 500MB storage
  • Self-destructing messages
  • Messages sent to other ProtonMail accounts are transparently encrypted
  • Password protected encrypted messages can be sent to normal email accounts
  • 1000 messages per month
  • Unencrypted messages can be sent to any account
  • Attachments (unencrypted) limited to 11MB.

Up until now I have had to login to the webmail client to use the service, which is fine and works pretty well. Nice looking site quick to login and easy to use.

Today I got a private invite to use the ProtonMail Android App. I can say its a nice little app. Lets dig into it further.

Once you get the invite, we get the install of the app, again remember this is a beta at the moment.

Once you have it installed we come to the login screen:-
BKK7IpCaxGQXrhuESf64RPgwjeim11WuKpI4G78DJQsRi1IWkSOHTyrXQBXXdGgqmKxweAZqfTs C1s1MFNbnom2uFE7pCqx6GJQ zXTFy 4D9k nrF8hGuemzu8mncIpl7v9yNon7lW77oJHJciSAwNQO048a0mPFIPUSEzRDJuShqECjnyDFVGUVvGEwIExMEr2ioIjllvirdkiOsPSLqJLGtvetdHsl7CDXlFlAb11 MrwDHt IkKSg5H765gP4AI80NLIrrka2ulDoA1GjvR RmR0Y87Mbt1Ru8A9CweARypr nwMgDHMyTlkfsRBVZwcxTyfgBhLGuJsnPkPmnBl1B3DFZYL4nVfVXEzuXaaJLKxxhDJhPVHvURLI foJgIx0KHDYnbHsRwHobViCLB mLvAuAgQYadpve7f RDnyoT0usNkJV5TzCzLmqlzBUkuggO1xCRJq17P Qo8d urza4NTUgXXsR84ylvySlFmqHtkr 3vXZoCT8avJYDqu5 eicCRwNJfveWATuVCLhnqM rUC9BR1HThS3E9fL=w521 h925 no

As you can see this is a nice neat easy to use screen. Nothing you wouldn’t expect from a service like ProtonMail.

Here you need to input your first password.
Now if you have not used ProtonMail before, we have more than one password we need to login to the account.

The first of username and password are used to authenticate the user and retrieve the correct account (and which ProtonMail keeps a copy of). The second one is used to decrypt the mailbox and is only held by the user. If your sending an encrypted email to  a non ProtonMail user, you can specify your own password to decrypt that email (obviously you send that password via other methods of communication). You can also send normal non encrypted email and would act as normal when received by the other normal email user.
uyHgjS8t61F 66f7tFwzWHs99xbnlotAgoR0mbkubA9zlgz7zpgmjsri1catLolNTFbDS ovr5NsgYmTUOh7ywAsUSKNfurXN22 BKahSO42LA wSyecF3qcAlL9jTqSbmuLAzLU4Xb9k0lhIk7XnpTP9lMGJr1ixCxcA3My9IvetIVaMDt37PwwTo5k8R4YjrELQmEUvb7n4xf1LVLNSmblYUsJepe07H0VZyvZ0v5cz2KzXSekuZxMtYx2RVpMU4VgClauvL0xpJ Gc0tATXyDkOMiHcP2HfPsSU4A3U7MwzJtwOT 2Sanl THn7U9ARdygisRemtmLpc2 IXPw5ie F5hzr0xVO 7FlJAu8tzQ9VbcNJvBgI4mhi8tw1QTjj83y0qKXwIr7zHhIC3aEztuB8mRU G2pWMNAIZrbdKn8f9BgU9FApGp PJRUltHY3lKjFa8ckjpRjCUBIZNu 4Y2i3pgPgWYtR5lBSbPKvz8hrSJ7fsMKRm9JKVChPEgjL4fgRlnGmb0gSr9PMII7yAbLQfxpAoigbKV Jy R=w521 h925 no

The mail is stored encrypted on servers, ProtonMail staff has no access to them.
These servers themselves according to ProtonMail “utilize fully encrypted hard disks with multiple password layers so data security is preserved even if our hardware is seized.”So as you can see so far, ProtonMail are not messing about. No metadata is kept, and it does not log the IPs users’ connect from.

As the emails are encrypted, they are also incapable of scanning the emails to offer advertising like some other companies currently do.

Untitled pictureAt the moment, when I get an email send to my ProtonMail account, they send me an alert to my normal email account and inform me that there is a mail waiting. I love this feature and find it very useful.

Once we have logged in and Decrypted the mailbox we are greeted with an android app that feels at home with any email user.

If you click on the menu in the top left hand side of the app we get a clean menu. Nice and simple. Everything you would expect from a decent mail app.

As part of the install process of the app, you allow ProtonMail to access your contacts. This means all your current contact are all ready in your ProtonMail contacts list and ready to send email to.

You can also Sync your contacts back to ProtonMail so when you login to the webmail client you have your contact there also ready to use.

 

 

 

Composing emails again are nice and simple.
Emails to other proton users are encrypted by default but if we are wanting to send an email to a standard user we have the added bonus of using the encrypt function direct from inside the Android app. All you need to do is click on the Padlock and choose a password. Can’t get any easier than that. It will ask you to confirm the secret password.

ufvnf93nmju1QVnB2U0smjLu9q6gmkSiI5eBs6J6JEbofoUk15iL87DyHllLVz AjtmKlooKqihGhdLsuqIbFL GglKkxgmybg2r4rfjYHOr l8P1IqjzqKYaj6ld9aB4Tb81AoPYZjolwmXhy0jeGyIbGTybHOuZIfuPT7PcUIxEMBI2RrmTOVqxDWb uokVkpfSHWrGWGxAhfQOKqfeyCFSiFNj5DA q0p1bkxM5vtxlwJMbit0mUZCPfvI2VdXAbGYfENBPROCSda0Avy 2FiFAsoSmmuvv14sTFDdUor55i 1Zh4 7OztOL7tHJbVcDu63rOoeNRGlktIAocuf ykRtPH7x4I0T an9MZgTX beSE5u9UqxaguZ sIHOuDDC5FbHfGwqCoVQO1uTKvHV ShsB3k18yV8K47iToaJ9Eq6hlEMy4BLPT5ye4pQDX0F EAMHK7rwFbeoT5BZLJaJ7piH6QwlMACuHuFHAlig5mMXEYwmPzO63jRSoP4nfayu0WDlaX mgriuuFj92jJMyWMJN7ocq7BmkAnq et=w521 h925 no

 

You have the option to leave a hint if you so desire, could be a cryptic clue or something you have pre shared with someone, but its totally optional, doesn’t need to be added.

Another great feature of the app is the the Set Message Expiration button. To enable this you click on the little clock icon and select how long you want the message to be available before it self-destructs (reminds me of mission impossible).

wfobj7bwwj3O2iqj2gKRB0tqZgyLUVk7cYpahMe96KP6bskkQd47 siAq8fBsWu2xUb3yu7fdON0ynPeD5Pu9X85mfgsAu9ncRFNugrM0U6zOKrEqSADVvBqtfc0pqQzy18hmkViA fREnBCauzdy0vt4hYv0JRMDrMQjcQT9LhuR2ZI3hOll1WalbkbXjNuveZe76Vc81Lp a7kF 93whpWhqxX11v1rrlg4wec9HEIjExPExynmQ5eVNfd8uDw55wj44ZQIg5kmzNcRHzgnTh3eu8fP1tfOjeoGgBK6U lCY365vaGp9XPzXfFJMDs1ThzFqJstrVFBOBn4SAiY6rfsjO3l SfvHpl0eYtAdt6zoWLntJGJqBIYa3fF8RjaiegSsba1m0EJNT7O4vCwUsrJuGJH21N1XY6Pf0jk SwITf0BC5epYkzc65NzTVtdTSGVT8KvxptLEbpumUY1AUl7h4Vn4K5XzbBjiGSONs3io5MKpCjLQN 0bCf6PuaGXJutllVedYT3dzE4qyiZtdSkygZ9FHmXyNXetyzuR0A=w521 h925 no DqRwus 8OfzXqMVu5hR8wMXudvgTYVQqZn3g OADpYmd7Z6umrE2goC0tR5YhGAwXFdi82pBBP6IxHw74n u6tUylKyvJNpz0x B93wLj7A7chYaFxeLOimiwcu0AYGNqcVwa0kyzDMr6QPKorRKrJhkW8W kx8ZIuq81QStbaSPgLXXbVuHnpJWNfKJNgcs4SP0509g9xqcTx jS2pP AUtpm2XuLVCn6ewyFCbwpQpx97xV1OTSa HgW s1XUMij7ptKtazHEpEnoh17TSCWtNAKNbB3ORVJgtfhWrAb Ps2gQkv9trM3IxAH0 oRmltbW4rk6yLsx NgbBNFYTxYuwGY8leS0KmJP2Vu91PqwwYKJDiwOX27Q4vWzVSIXyblxQSiMBd3VQFUaS3F50 XuYhpaQL55AfstLkjR3hrnIFCdvFVMVOpOzmZL5QmgqvvJJNm1zgXFTH0rZRoCfUXWlih WnUb2wf6bQ625C9XP BxFeisjhvReHH9WpptGAQHEMneCBFYJseLG1rQ6Gmu88qSU0djM zDUPOoZOtK=w521 h925 no

From here on, click on send. And away it goes. Not hard at all to send a encrypted email, no need to import GPG Keys and explain to others how to use it.

The person who gets the email will see something like this:-

They can then click on View Secure Message, this will load up a secure webmail site and allow the user to input the secret password to decrypt the message and allow them to securely reply.

Encrypted-Email

 

If you are looking to get a more secure email platform, I would recommend using ProtonMail.

 

Tags: , , , , , , ,

You may have missed

ransomhouse 1

RansomHouse Ransomware Victim: STERCH – INTERNATIONAL s[.]r[.]o[.]

April 24, 2024
ransomhouse 1

RansomHouse Ransomware Victim: Bank Pembangunan Daerah Banten Tbk PT

April 24, 2024
BianLian

BianLian Ransomware Victim: defi SOLUTIONS[.]

April 24, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 24, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 24, 2024