I need to send emails from an app. Until now I've used the JavaMail Api which works well but has some problems: I need to hardcode the password to the gmail account from which the mails should be sent, which obviously isn't great Google recently detected some "suspicious sign ins" (I don't know if this was actually some people who tried to access the account or just the normal sign ins from the app), but google forced me to change the password, which obviously made the app useless because it couldn't send emails anymore. I don't want to always release an update just because I had to change the password. So if you have any ideas on how to either: make the hardcoded password pretty secure and preventing google from forcing me to change the password or sending the emails some other way that doesn't need a hardcoded password (like through a http request but that doesn't really work because the server thinks I'm spamming around and blocks the webspace...) Please help!

androidsecurityemailpasswords

DominicM

Reputation: 2196

How to Send Email from App

I need to send emails from an app. Until now I've used the JavaMail Api which works well but has some problems:

I need to hardcode the password to the gmail account from which the mails should be sent, which obviously isn't great
Google recently detected some "suspicious sign ins" (I don't know if this was actually some people who tried to access the account or just the normal sign ins from the app), but google forced me to change the password, which obviously made the app useless because it couldn't send emails anymore.

I don't want to always release an update just because I had to change the password.

So if you have any ideas on how to either:

make the hardcoded password pretty secure and preventing google from forcing me to change the password
or sending the emails some other way that doesn't need a hardcoded password (like through a http request but that doesn't really work because the server thinks I'm spamming around and blocks the webspace...)

Please help!

Upvotes: 1

Answers (3)

Bram Geron

Reputation: 283

I concur with ddewaele: a proper API is necessary. Note that there are online services that offer easy APIs for you. For some examples, see Backend server provider for mobile apps. Some are free for a small number of users.

Upvotes: 0

ddewaele

Reputation: 22603

If you want the app to generate emails and send them to the user the best way is to send the email from a backend system. Publish a REST API that your mobile application can interact with and have that backend deal with sending the email. It will be more secure and you'll have proper decoupling. It's the only good way to deal with it.

Encoded passwords in an app can always be decrypted, as the encryption key will also be stored somewhere in the app. Plus as you already stated, the hassle of having that code sitting in your app, and the difficulty of updating that code can be a nightmare (not all users update their apps frequently).

If you want the app to send emails on behalf of the user (making it as if the user is sending them), then use an Intent as CommonsWare stated in the comments. It makes it visible to the user that an email is sent.

Upvotes: 2

Dave

Reputation: 298

Not sure how often it has to send emails, but you could encrypt the password with a 4-digit pin, then upon startup ask for the pin, decrypt the password and keep it in memory. You'll need to re-decrypt it if you get swapped out, but it will keep the user's password more secure.

Upvotes: 0

How to Send Email from App

Answers (3)

Related Questions