MAVEN TECHNOLOGIES PTE LTD

Software Solutions for Businesses and Consumers

SMS2Email Buddy and PigeonHole Security and Usage

Ken

HOME BLOG

Posted on 11 March 2016 at 2:30pm

The use of a more secured methodology (e.g. OAuth2.0) means that more network overheads are introduced. For an SMS received, you will be redirected to your Gmail account to key in your password to exchange for a token. It is more secured because this token, rather than your password, is stored in the phone. The app then uses it to access your sender Gmail account to send out the email. Subsequent accesses can be performed until the token expires and the app repeats the process to acquire a new token. This severely affects the functionality of our apps to perform efficient SMS forwarding. Hence in the meantime, until we can incorporate this authentication mechanism without sacrificing efficiency, you may be required to specify the settings to 'allow less secure apps access' in your sender Gmail account.

However, we encourage you to follow these recommendations when using these apps to minimise your risks:

  • Consider creating a separate Gmail account and using the corresponding Gmail address (e.g. ken_pigeonhole@gmail.com) as the sender. That way, even if this account is compromised, your other Gmail accounts are still safe.
  • Do not connect to the public wifi to prevent hackers from sniffing your credentials.
  • This might not be applicable but if you are using the app as a means to backup your personal SMS, try entering Gmail addresses as recipients so that the emails are not forwarded externally. According to [Google, March 2016], emails sent from Google to Hotmail, iCloud are 100% encrypted (Yahoo and AOL are 99.99%) so entering recipient(s) from these domains should also be secured.
  • If you do unfortunately lose your phone, quickly change the passwords of senders in these apps. For that matter, do also change the passwords of any services (e.g. email, ecommerce, etc.) you have previously accessed on your phone.

If you have any queries, please drop us a line.