SenseMail Application for iOS


SenseMail secure mail is available on the Apple App Store

SenseMail is a secure mail client for your favourite e-mail service provider. Secure address book, notes and gallery. Protect every message you send with an individual password or pre-shared key.


Message list screen

Have you ever been concerned about online privacy? Would you mind someone reading your mail? If your answer is "Yes" then SenseMail is for you! Protect your communications with this state-of-the-art application. SenseMail is an easy to use, secure e-mail client for your favorite email providers.

SenseMail app for iOS introduces a new level of security in e-mail communications. Every part of your workflow is protected with salted AES-256 encryption with message authentication and other modern industry standart algorithms. Starting with the application launch on your mobile device, storing your private data and preferences and moving on to messages, leaving your device - everything is secure. If you take your messages privacy seriously this app is for you!

SenseMail does a simple thing - it encrypts everything. It never lets any information leave your device unencrypted. It never stores any information unencrypted. It never knows any of your passwords. It uses every available tool to keep your messages secure. No backdoors, no catches. If you forget your password, no one will help you.

If you lost your device you would need to log-in to your e-mail account and change a password or log out of all apps if you use a gmail account. No message data is kept on device. If your launch password was strong enough there's no need to bother - nobody can read your mail. You've got a double password protection!

SenseMail is for you if:

  • You don't want others to snoop on you
  • You need to keep your messages truly confidential
  • You are concerned about privacy
  • Your are as paranoid as we are :)

Use SenseMail if you want:

  • To communicate between top-managers of a remote branch or office. Not every information can be trusted to even a corporate mail.
  • To send confidential documents
  • To send private contacts
  • If you need a meeting in person just to hand over some document or information you can't send other ways. The application has a highest degree of protection.

The application has a highest degree of protection. You might wonder what if this app would be misused. What if it would be used for evil? We answer - this application is just a tool, like a hammer, which is hard enough, or your kitchen knife, which is sharp enough to harm your neighbor. But the fact that those tools have such a dangerous qualities is not enough to ban them. Neither they are necessary nor sufficient for anyone who decided to turn evil. It is exactly the same with this app. We believe, that SenseMail does very well what it's supposed to do but to be used as a hidden weapon of an enemy it should be a part of a complex infrastructure that will definitely not need this app.

SenseMail is starting from $9.99. Requires iOS 8.0 and above. Available worldwide except France (sorry guys, but you've got some crypto licensing issues).

"We have used SenseMail app for quite a long time now and it works just fine! First we made it to suit our own basic needs and now it's evolved into a much more sophisticated and complete product yet it's still easy to use. We are happy with the result, so we want to share it with the others", said the founder of the SenseMail project.

Key features:


Modern encryption algorithms

AES-256, HMAC, PBKDF2, SHA-256, gzip algorithms are used for protection. We use the latest algorithms to protect your data.

A salted compress-encrypt-sign way of operation that is considered to be the most secure one.

A symmetric encryption is used. That means no public keys, no servers to store that keys, no key exchange whatsoever. Only you have the information needed to read a message and you do not depend on any service or any server to manage keys.

Maximum protection

Individual password for every recipient. Or even for every message. We never complain that the password is wrong to make it harder to guess it.

Nothing leaves the device unencrypted.

2 levels of passwords: local storage password and message password or certificate protection password.

Safe storage. We always store your local data fully protected.

Zero-knowledge.

We never store your passwords. We cannot access your data. We have no servers to keep any information about you. We cannot help you recover your lost password. Moreover, it may sounds ridiculous, but we deliberately do not collect any analytics to make you sure that no information may leak. SenseMail connects only to servers that you specify.

Public e-mail providers

SenseMail uses public e-mail service providers. The app works with virtually any e-mail service provider that supports encrypted TLS IMAP connection (we guess, almost everybody do support that type of connection now).

Supports several e-mail accounts. Combined Inbox/Sent/Starred/Spam folder for all your accounts.

Can read and send unencrypted messages.

Supports OAuth 2.0 for Google Mail.

Pre-shared keys

Built-in tool to exchange full 256-bit keys to enable maximum protection for your messages. A password cannot reach its maximum strength since it would be extremely difficult to remember it. So, we introduced a pre-shared key to protect your messages. You need to exchange that key with your recipient and after that you can use it to encrypt your communications with the strongest encryption available.


Known limitations


Some information the app cannot hide. This is the data in message header, such as the IP-address from which the message is sent, time stamps, sender's and receiver's e-mail addresses. There might be some other data the e-mail service provider collects, but this is out of our control anyway. We do our best to protect the content of your message. If you really need a total control of your data you should consider running your own mail server.

Start screen

Empty messages screen

Technical details


Encryption, keys and security

SenseMail is a secure mail application. It uses user-supplied passwords to protect the data. An encryption key is derived from a password with a "slow hash" function. There are three types of passwords:

  • Password to launch the application. With this password the app encrypts all local data, such as settings, local image gallery, notes and the address book. The encryption key is derived from the password using 88.888 rounds of PBKDF2-SHA512 algorithm. 256 bytes is used for HMAC key, 256 bytes for encryption key. The number 88.888 has been chosen so that it takes about 2 seconds on iPhone 4S to get the key. So, set your password 8-9 characters long and there should be a really serious reason to brute force it. In case you entered a wrong password the app wouldn't tell you anything - it will just start with an empty database. You can fill it with data and use two or more configs.
  • Password to protect a message leaving your device. This password can be a unique string for every message, you just need to tell it to the recipient of the message. Again, the encryption key is derived from the password in 88.888 rounds. But the salt here is generated randomly in 88 rounds and is transmitted in the message subject. The message subject is encrypted with a key, derived from the receivers e-mail address, so you'd better consider it insecure and don't write any sensitive information there.
  • Password to protect a certificate. Every user can exchange certificates with another party and use it instead of a password. Use of a certificate drastically improves the security since it uses a full 256-bit key of random data whereas a password can't reach that degree of randomness. Each certificate is stored locally and is protected with a password. The encryption key is derived from the password in 3x88.888 rounds of PBKDF2.

All the data being encrypted are GZIP-deflated first (except for image attachments - they are already compressed and another compression will just consume time and won't give anything to security). After that the data is encrypted with a salted AES-256, HMAC-SHA256 is added and everything is converted to BASE64.

Recently we have added a so-called All-or-Nothing Transform (AONT) to make the encryption stronger without changing a key length. This transfrom is not encryption, but to read a message you need to know all of its blocks. So, to brute-force a message an adversary needs to try all blocks, not just one.

E-mail service provider

You can use any e-mail service provider that supports IMAP protocol. The connection is limited to TLS connections on port 993. The app will try to detect server settings once you entered your e-mail address.

For better user experience use GMAIL service since it has the most complete features such as message starring, IMAP folders detection and some others.

You can use several e-mail accounts. Messages from every account will be shown in one list, sorted by date. You can access individual account through a menu.

Visit www.creepytwolabs.com for more information.

Our encryption module is available on github here

Who we are?


We are a team of dedicated professionals. With our experience and passion for mobile development we accept challenging tasks and achieve exceptional results.

We make network applications, educational and entertaining apps for all ages.

Our mobile applications are fast, robust and easy to use.

We believe that every application should work as a charm, should be user-friendly and should look great. We make sure that our work stands out of the crowd!

Screenshots


Menu screen

Secure gallery screen

Secure note screen

Message pin request screen

Attachment view screen

Address book screen

Certificate view screen

Compose message screen

Certificate generation

Generation complete

Save certificate

Settings screen

Settings page

SenseMail logo

Let's Get In Touch!


Have any questions about our products? Or do you need something special? That's great! Send us an email and we will get back to you as soon as possible!


© CreepyTwo Labs Ltd.
Developed by CreepyTwo Labs.