Take our customer survey to evaluate your visit.
It should only take a few minutes to answer five quick questions. Just click the Launch survey button at the end of your visit to begin.
2014-08-27 09:11 AM
I'm using S/MIME to send signed and encrypted mails in the stock mail app and noticed that all mails which have been sent as signed or encrytped (or both) are sent as requested to the recipients but are stored in plain text in the "Sent" folder!
That's a major breach of security from my point of view, as these messages should always be encrypted and not be stored as plain text in any place.
I've made some tests and can reproduce this any time. Interesting enough, this happens only for accounts using IMAP. Exchange ActiveSync is ok.
Please let me know if there is any setting to prevent this or if this is a bug: please forward to development.
Device D5503, KitKat 4.4.4, Build number 14.4.A.0.108
2014-08-28 02:28 PM
I will forward this internally to see if this is how it's supposed to work for IMAP.
When you say sent folder, do you mean the local folder or also the sent folder on the server?
2014-08-29 11:22 AM
Sent folder on the server.
The ones in the sent folder on the server are not encryted (or not signed) and show twice the same text. You can see this in any other email client (Thunderbird or webmail), just the app shows it only once and also as encrytped/signed.
So I guess it's ok locally but not in the IMAP "Sent" folder.
I've checked the source text of the messages, they just contain twice the message in plain text, base64 encoded, for example:
Content-Type: multipart/mixed; boundary="----GP725VWELF8TU50RR2ABG7RB6YQ542"
I've omitted the other header lines. Please note that's not encrypted, it's just the string "Test" in base64 ;-)
A properly encrypted or signed message has also these SMTP header lines:
Content-Type: application/pkcs7-mime; name="smime.p7m";smime-type=enveloped-data
Content-Disposition: attachment; filename="smime.p7m"
Content-Description: S/MIME Encrypted Message
But they are missing in the affected messages as well as the s/mime content, just the plain text instead of the s/mime attachment.
2014-08-29 01:11 PM
2014-09-12 08:54 AM
Our development has confirmed this issue and will work for a fix in later software versions. At the moment i don't have any information regarding when a fix will be available though.
2014-12-01 08:31 AM - edited 2014-12-01 08:32 AM
@Rickard: Thanks for forwarding this to development, unfortunately the fix still didn't make it into production: I've recently upgraded to Build number 14.4.A.0.157, I can still reproduce the bug.
And I've a realized a more general issue with IMAP accounts and attachments: Mails sent with an attachment are stored without attachment in "Sent" folder on the IMAP server.
As S/MIME is just a "special" case of attachment, I guess this might be the root cause which needs to be fixed.
2014-12-02 02:31 PM
I didn't get any specific version number that this would be fixed in i'm afraid but as i understand it, a fix for this would not make it into the this update (.157).
I'm sorry for any inconvenience this might cause.
2016-02-08 09:22 AM
Sorry to raise this again, but this is still not fixed in 14.6.A.1.236: Attachments are not stored in IMAP sent folder.
This not only affects encrypted messages, in which case it causes complete loss of the message, but also unencrypted mails, which are stored without their attachment.
I have to say I'm quite disappointed that it has not been possibe to fix this issue within more than one year.
2016-02-19 11:47 AM
I regret to say that this will not be fixed for Xperia Z1 and Z1 Compact. A fix was implemented in Xperia Z2 and onwards.