MAVEN TECHNOLOGIES PTE LTD

Software Solutions for Businesses and Consumers

SMS2Email Buddy and PigeonHole Security and Usage

Ken


Posted on 11 March 2016 at 2:30pm

Why do I need to "allow less secure apps access"?

Using a more secure method (e.g. OAuth 2.0) introduces more network overhead. For an SMS received, you will be redirected to your Gmail account to key in your password in exchange for a token. This is more secure because the token, rather than your password, is stored in the phone. The app then uses it to access your sender Gmail account to send out the email. Subsequent accesses can be performed until the token expires, at which point the app repeats the process to acquire a new token. This severely affects the ability of our apps to perform efficient SMS forwarding. Hence, in the meantime, until we can incorporate this authentication mechanism without sacrificing efficiency, you may be required to enable the 'allow less secure apps access' setting in your sender Gmail account.
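The difference between the two modes, as an added example that is not code from the apps described here: it builds the SMTP AUTH payload for password login (SASL PLAIN) and for token login (Gmail's XOAUTH2 format), and reuses one token until it expires. The `TokenCache` class, the `fake_fetch` stand-in for the token exchange, the sender address and the 3600-second lifetime are all assumptions made for illustration.

```python
import base64
import time

def plain_response(user: str, password: str) -> str:
    """SASL PLAIN payload: the long-lived account password is what the phone holds."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def xoauth2_response(user: str, access_token: str) -> str:
    """SASL XOAUTH2 payload: only a bearer token that expires is held and sent."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

class TokenCache:
    """Hypothetical helper: keeps one access token and renews it only near expiry."""

    def __init__(self, fetch_token, skew=60):
        self._fetch = fetch_token   # callable returning (token, lifetime_seconds)
        self._skew = skew           # renew this many seconds before expiry
        self._token = None
        self._expires_at = 0.0
        self.fetches = 0            # how many times a new token was acquired

    def get(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - self._skew:
            self._token, lifetime = self._fetch()
            self._expires_at = now + lifetime
            self.fetches += 1
        return self._token

def demo():
    """Forward four SMS at constructed times (seconds); count token acquisitions."""
    counter = iter(range(1, 100))

    def fake_fetch():
        # Stand-in for the real token exchange; values are constructed.
        return f"constructed-token-{next(counter)}", 3600

    cache = TokenCache(fake_fetch)
    sender = "sender@example.com"  # constructed address
    times = (0, 10, 1800, 3590)
    responses = [xoauth2_response(sender, cache.get(now=t)) for t in times]
    return cache.fetches, responses

if __name__ == "__main__":
    fetches, _ = demo()
    print("token acquisitions for 4 forwarded SMS:", fetches)
```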

Recommendations

We encourage you to follow these recommendations when using these apps to minimise your risks:

  • Consider creating a separate Gmail account and using the corresponding Gmail address (e.g. ken_pigeonhole@gmail.com) as the sender. That way, even if this account is compromised, your other Gmail accounts are still safe.
  • Do not connect to public Wi-Fi, so that hackers cannot sniff your credentials.
  • This might not be applicable, but if you are using the app as a means to back up your personal SMS, try entering Gmail addresses as recipients so that the emails are not forwarded externally. According to [Google, March 2016], emails sent from Google to Hotmail and iCloud are 100% encrypted (Yahoo and AOL are 99.99%), so entering recipient(s) from these domains should also be secure.
  • If you do unfortunately lose your phone, quickly change the passwords of senders in these apps. For that matter, do also change the passwords of any services (e.g. email, ecommerce, etc.) you have previously accessed on your phone.

Permissions

  • Contacts: Read your contacts to look up a name for an incoming number
  • SMS: Receive text messages (SMS)
  • Phone: Read call log, phone status and identity to log the incoming call when phone is in ringing state
  • Photos/Media/Files: Export list of incoming SMS/call to your SD storage (manually or automatically at start of month)
  • Storage: Export list of incoming SMS/call to your SD storage (manually or automatically at start of month)
  • Wi-Fi Connection Information: Check if Wifi is available or connected
  • Device ID & call information: Use hashed value of phone identity for registration
  • Other:
      • View Network Connections: Check if Internet (via Mobile Data or Wifi) is available. If not, store pending job and send out email later when phone connects to Internet
      • Connect and Disconnect from Wi-Fi: Connect to preferred Wifi network automatically when in range
      • Full Network Access: Connect to Google SMTP server to send out email with SMS content as email body
      • Prevent Device from Sleeping: Keep background service running when SMS/Call are received so that app can connect to Google SMTP server to send out email

Important: We do not keep your password or SMS on our server. They are stored only on your phone and used when it is time to deliver your emails. If you have any queries, please contact us.