There are quite a lot of changes in this version. Lets start chronologically and list major fixes.
We've added an easy setup feature. Now to add an account you need to enter your e-mail address and we'll try to figure out the server settings. For Gmail you'll be redirected to the web-authorisation form, for other accounts you'll need to enter a password.
Now you can enable an auto-signature for an e-mail account.
There was a bug – imagine that you compose a message and get a call. After finishing a call you notice that the letter has disappeared. Annoying. Now your letter will be hidden to an icon and won't be lost. The same was with a secure note. Fixed.
In the list of messages you can tap on the table header to sort the table by date, by unread and by the sender in a cycle
Added message search. Since we cannot search a message body as it is encrypted, we added search for unread, starred, large messages, protected and answered messages. Text search will look into sender and subject (for unprotected messages) fields. Also, when the date is detected, you can search messages before/on/after that date
Added HTML or plain text view for a secure note
Now you can save documents to the secure gallery
There is an option for large font for the list of messages
We've added a multiple selection in the message list. Now you can select multiple messages and delete, copy, move or flag them all at once
We fixed a number of other bugs
Easy Setup page
New message minimized to the icon
Things to come:
We still need to work on push notifications or at least on a periodic check for new mail. To get real-time notifications we need to keep an idle IMAP session. iOS can't do that as the app will be killed in about 10 minutes, so we need a server that will handle the opened sessions. Here is the catch. To do so, it needs to have some user credentials to connect to the mailbox, but we don't want to give out that information. Now we are testing the other approach with periodic check. The server sends a notification to the app to force it to check mail every now and then. There's no need to reveal user credentials. The server knows only a device's id that is of zero value to a potential adversary.
The other task we are working on is one-time certificate. See What is deniability and why you may not want it? for more details.