How to use a Gmail/Google Workspace account with K-9 Mail?

TL;DR: K-9 Mail can currently only access Gmail/Google Workspace accounts if you enable 2-step verification and create an app-specific password.


The problem

Since the end of May 2022 Google no longer allows you to use your Google password when accessing your email via IMAP, POP3, or SMTP (this is what K-9 Mail uses to retrieve/send emails). That’s a good thing, because your Google password allows access to a whole range of Google services. There’s no need for an email client to potentially have access to all of these services.

The current solution

The easy way to support existing email clients is for the email provider to allow their users to create app-specific passwords. That way the user can grant email clients access to only email, but no other services. The app-specific password can also easily be revoked without having to change the main password, e.g. if your device using the app-specific password was lost/stolen.

Google supports app-specific passwords, but only if 2-step verification is enabled for your account.
Currently this is the only way to access your Gmail/Google Workspace account using K-9 Mail.

The “proper” solution

What Google wants email clients to use, is OAuth. This involves the app opening the browser to allow the user to sign in to the provider, then granting the app access to the service it requested access to (in our case email). Behind the scenes the browser will return an access code to the app that it can then use to retrieve/send email.
Conceptually you can think of this as a streamlined way for the user to generate an app-specific password and passing it to the app. Only that the user never gets to see the password and doesn’t have to manually copy it from a website into the app.

The “problem” with this approach is that developers have to register their apps with the service before they are allowed to use this method. In the case of Google, not only is a registration required, they also verify that the app is following all their guidelines before an app is allowed to use this method.

We’re currently working on adding support for this mechanism, or rather we have added support for it and now will have to keep making changes until Google is satisfied. We’ll release K-9 Mail 6.200 once that work is complete.

For updates, check out The plan for K-9 Mail 6.200.

See also: How to set up with a Gmail account

9 Likes

Thanks a lot for your post!

I didn’t understand much. I have been using k9 for more than ten years and this is such a blow I am still shocked. As for the new methods to have access, it is far too complicate and risky. In fact I have read about people that while traveling abroad have been unable to access or use the two way identification and lost their tickets. I am very sadly saying that I don’t try what I don’t understand, and I don’t understand your post. Can you rewrite it in an edible way for laycans? That would be much appreciated.

Just use the guide by Google on their site, there’s nothing difficult about it really.

Thanks, but once I implement this procedure will k9 mail work again with gmail?
EDIT: it seems to me that I should activate google two step verification and this is the key point: I do not want to add this layer cause the risks to be locked out of the account are too high.

Thanks a lot for the information. I am getting all the “failed to connect” warnings regularly on my Android phone right now. Nearly every hour I receive the warning triangle signs. It seems each time it tries to connect I get a warning.

There is no problem with the Gmail app by Google itself. It is working properly, but I like K-9 and I hope you can sort it out soon.

In that case you’ll have to wait for Google to approve the new K-9 Mail version. As far as I can understand, everything is implemented right now but Google is the party delaying it. See The plan for K-9 Mail 6.200 - #19 by cketti for the latest progress update.

Setting an app password should work and fix that. If you don’t want to use an app password (because it requires 2FA on your account), you’ll have to wait for an update. See the link above.

I think that the chances of getting locked out of your google account because of 2fa are fairly low. I believe that there are at least three, maybe more, ways to meet the 2fa challenge (or do recovery). I’ve gotten locked out of my bank account because of their 2fa, but never google.

If you have enabled app passwords then you can disable 2FA and still use the app password.