A couple of years ago our team considered that integrating a biometric ID into the SenseMail app is not a brilliant idea. However, upon numerous requests, we gave up and implemented a TouchID or FaceID. There are several downsides you should be aware of before activating that feature.
Firstly, you could be effortlessly forced to open the app. As we've mentioned before, a user won't be able to deny the existence of his account. However, that user might have several accounts whereas biometric ID works with the only one of them and the rest are safe.
Secondly, the extraction of the stored password for your device is not a real strain for the competent attacker. To be able to employ BioID, your password needs to be stored on the device for further retrieval and logging in. Although we strive to protect it as much as we can, it still can be reverse-engineered. We store the key in the encrypted form in the keychain, yet the passkey used to protect it should be considered insecure as it is unique for a device but not secret anyhow. Otherwise, one would need to enter that key and all the biometric hassle to facilitate the login become nonsense. The only positive matter is that to reverse-engineer the password an adversary needs to gain physical access to the device, with no possibility to do it remotely.
To activate touchID or faceID go to the SenseMail's general settings and turn it on.
What if you received a plain-text message with some sensitive information and wished to keep it? Now you can encrypt it and leave it on the mail server. Just open a letter and select an "Encrypt message on a server..." from the action menu. This will delete the original message and create a new encrypted message. Be sure that your email server actually does delete information and does not put it into some kind of Archive folder. You can check it in the email account's settings. For example, for Gmail, these settings can be found under “Settings → Forwarding and POP/IMAP → IMAP access → When a message is marked as deleted and expunged from the last visible IMAP folder.” The default option is to archive a message, switch it to “Immediately delete the message forever” and you'll be OK. Paranoid mode on - we still cannot guarantee that the email server does not retain the erased message anyway.
The other changes include message autoload when you scroll the table and an option to add those newly fetched messages to the bottom of the list without sorting it. Upon rearranging the entire list, these additional messages might appear on the previous screen, since the dates from the different email accounts do not match the order. Therefore, it might be harder to spot them. That is true only if more than one email accounts were added.
We slightly redesigned a message view for better readability. The header of the message is now on top of the message view. Tap on the sender's address will expand that section to show the sender, the receiver, reply-to, and size of the email. Also, the icons for the next/previous message were turned to point up and down for clarity.
As a never-ending task, a few minor bugs were fixed, and the stability was improved.