AquaMail Forum

English - Android => General Discussion => Topic started by: madmanmoon on August 01, 2017, 12:02:21 pm

Title: Trialling AquaMail - initial questions
Post by: madmanmoon on August 01, 2017, 12:02:21 pm
Hi,
I'm currently trying Aqua Mail following the hardening of recent versions of Gmail's Active/Exchange policy requiring complex screen PINs.

So far during the trial (I haven't gone Pro yet) all seems good and the visuals are close to Gmail (I'm not sure if that is your aim) and there appears to be good functionality.

However, I'm concerned by security, usually when we set a phone it asks to be device administrator. Is that needed? I believe we have a Comodo SSL comms certificate for the URL we enter into the server field.

Does AquaMail take advantage of that?

Title: Re: Trialling AquaMail - initial questions
Post by: Kostya Vasilyev on August 01, 2017, 01:37:06 pm
Re: usually when we set a phone it asks to be device administrator

Other apps (Gmail, ...) may prompt the user to set themselves as a "device administrator" if the Exchange server has a policy for that.

This is used for "remote wipe" (lost phone, triggered by the Exchange admin).

Aqua doesn't ask to be made a "device admin" and doesn't support remote wipe, which as we've seen so far makes it easier for users.

Re: certificate

Depends what you mean here:

- If you mean that the network connection to the server is encrypted by SSL / TLS, just like an "https:" web site - fine, most if not all Exchange servers are that way.

No connection at all to what I wrote above (about "Device admin"), with Aqua or any other app. It's just about encrypting the network traffic.

- If you mean that the server requires connecting apps (clients) to use a so-called "client certificate" (in addition to network traffic encryption, above) - we just added this into our current "work in progress" version 1.11.

This version is available here on the forum under "development builds" or in Google Play as a "beta":

https://play.google.com/apps/testing/org.kman.AquaMail

There is a button to choose a client cert on Aqua's "Exchange account setup" screen.

To install a client cert "into" your phone, the phone (Android) will want you to set a "secure" method for "unlocking the screen", i.e. PIN code / fingerprint / pattern (not "just swipe to unlock"), but that's not an Aqua Mail requirement, rather it's Android keeping your "client certificate" secure.

Title: Re: Trialling AquaMail - initial questions
Post by: madmanmoon on August 01, 2017, 05:22:58 pm
Hi Kostya,

Thank you for that detailed and helpful reply. Having looked in more depth at the account setup procedure I can see that it is verifying the SSL cert we buy annually.

Trial continuing with a few users on the free version until they are happy that they want to Go Pro.