And some more information (from AquaMail's Privacy policy):
http://www.aqua-mail.com/?page_id=1878SSL certificate trackingThere is a type of security risk, not specific to AquaMail, but rather something that can affect any application that talks to a remote server, over the network, using encryption.
Called “man in the middle attack”, it’s when something is made to look like that remote server (mail server) even when it’s not – intercepting network traffic – and then it’s possible to decrypt that traffic and see what’s being transmitted (your password, for example).
AquaMail has a way to deal with this.
If you enable settings -> network -> SSL tracking, then AquaMail will examine each server’s “SSL certificate” (fingerprint) when it connects, save it, and then watch for changes on subsequent connects.
If a server’s certificate is found to be different from last time, it might mean that something’s pretending to be Gmail’s (or Yahoo’s or Hotmail’s…) mail server, when it’s really not.
In this case, AquaMail will stop right then, before transmitting your account’s password to a potentially malicious third party. There will then be an error message about it below the account (in the account list). Tap the error to examine the last known and the current certificates, and decide if you’re going to accept the change.
Now, some mail services (for example, Gmail, Office 365) change their encryption certificates quite often, and this will trigger the error, even though there is nothing bad going on.
It’s up to you (the user) to decide if a particular change in SSL certificates detected by AquaMail is valid, or possibly malicious, and if you want AquaMail to accept the new certificate and proceed.