The plan for K-9 Mail 6.200

Is it just me or does that make no sense at all lol? Like since when does an email app need that? I’m sure some people don’t even use Gmail, so why would Google require a Google login for, say, Yahoo mail or Web.de mail?
I swear, those Google devs are getting sillier every day :roll_eyes:

I hope not, but I guess I am not 100% certain. From the video, it looks like a pure web flow. On Android, you can log into Google within Firefox/Chrome without Android noticing and adding a system-wide account, so I assume this would be the same.

Not sure exactly what you are concerned about. OAuth2 makes sense because it allows you to do things like revoking just one device’s access to your account without needing to reset your password and having devices signed in without needing to trust them to store your password securely/safely. It even opens the possibility of undoing everything that just one device did to your account (e.g., undeleting emails/seeing all sent emails) upon that device being compromised. It is cleaner/more right.

It is just too bad that Google requires an app-specific key. It’d be nice if the flow could be implemented once and just accepted by all email providers. Now some parts are Google-specific, requiring their API key and the review process…

I was talking about Google’s weird requirement to add a “Sign in with Google” button in K-9 - I’m not “concerned” about it, I merely find it very odd since I’m sure there are users out there that don’t even use a Gmail account. Also I’ve never seen that on any other email client either and the app itself doesn’t even require a login anyway.
Just another way for Google to make life difficult for app devs I guess.

1 Like

But that one is only for your Google mail address. If you look at other MTAs with Google support, the login button is only displayed in the moment you add a new Google mail address. It’s not there constantly.

1 Like

Ahhhh ok, that wasn’t clear … I haven’t used any other email client in ages since none push/pull as reliably as K-9, so I wasn’t aware that others have that button.

Thanks for the clarification :slightly_smiling_face:

Update: It didn’t take long to make the changes Google requested (see comment: The plan for K-9 Mail 6.200 - #11 by cketti). And after a few more very frustrating email exchanges they seemed to be satisfied with the video of the app they made me record.
Then they requested we “whitelist [their] test account” :person_facepalming: so they can test the app. I resisted the urge to tell them (again) that the app is connecting to their service, not ours. But I figured they actually need the app and sent them an APK for testing. They acknowledged that they received the APK on Monday. I assume they’re very diligent in their work because I haven’t received any updates since then.

7 Likes

So OAuth is a cut-rate Kerberos?
“Those who don’t know the past, are doomed to re-invent it. Badly. … Err, webBadly.” :wink:

Hey!

Just joined here from the Thunderbird news, and will help out with Swedish translations and Beta testing as I do now with Thunderbird on Desktop :slight_smile:

Writing here to get updated when the first Beta is released

2 Likes

Update: Google finally approved our “OAuth App Verification request”. We’ll release a beta version with support for using OAuth 2.0 with Google and Yahoo accounts later today.

5 Likes

Google tracking code most likely.

They don’t do anything for your benefit - only their own. So this suits them, not you.

I won’t be using K9 for this - and we have essentially stopped using all our Gmail accounts now.

Please see The plan for K-9 Mail 6.200 - #17 by tchara. There is no use of the Google application ID/key if you are not logging into Gmail. It is just that doing OAuth2 with Google requires an app key—you can not get them to issue you a token if your app/website is not approved by Google. This lets them disallow people from logging into Google with K-9 if they deem the K-9 app to be insecure and want to protect their users from K-9. It could make sense if some security bug in K-9 resulted in it sharing your access code with some hacker upon opening some specially crafted HTML email, for example, or if the app store entry for K-9 was controlled by malicious people. It does reduce the freedom and openness, but it’s a way to combat people who just click through security warnings and then blame Google for themselves falling prey to phishing.

1 Like

I understand how it works thanks, but it doesn’t change what I said. Most will want to use gmail - lord knows why.

Remember, this is not for your benefit, just theirs. They don’t do this for fun. Just for cash. Oauth can ‘helpfully’ be used across sites.

That means tracking you across sites.

And it’s unlikely to stop spammers, of which they host bucket loads.

K9 is no more or less secure today than it was yesterday. The “less secure” narrative is just marketing baloney as oAuth doesn’t guarantee anything much, apart from more data & ad cash for them. You are just the product being sold.

I have not upgraded beyond 5.600 because the new interface was completely useless, and the devs were not bothered, despite mountains of criticism. From experience that will be a perfect fit with Mozilla.

In the meantime I have dropped my use of gmail and shifted slowly to FairEmail.

Hey ho. YMMV.

1 Like

Who knows perhaps they have a change of heart and start listening for once?
I’d like the client to be less bloated and simpler in its design

My chief request is to get rid of the dark gray backgrounds that consume power unnecessarily on amoled displays. True pitch black, like in 5.6, should be enabled for users who have the dark mode on. All backgrounds include the email lists and hamburger menus.

Fairemail is unfortunately part payware and more bloated, its apk is over 20MB contrasted to 8.1MB for 6.1 release of k9. Still, release 5.6 was only 4.8MB.

I very much doubt it now, particularly with Mozilla who run certain lists if you are ‘important’ enough to join, closed down others and moved them to a web based forum - so much for supporting email, have severe moderation policies in certain places that is controlled by unknown Mozilla staff, and generally hate any form of criticism or dissent (and yes I’ve been on their lists anonymously for years)

Theme? Maybe.

FairEmail. (Note I have no links, don’t know the dev etc)

You don’t have to pay. There are a few extra features if you do tribute, and it is a tiny sum.

I have no issues in paying. I code & help in other open source projects and understand the difficulties in funding them.

Remember. Open Source is NOT free. You really should help in some way. Either code, test, debug, write dox or pay.

However, the changes made at K9 ruined a perfectly great little app, the devs comments were just and now leaping into bed with the bunch of muppets at Mozilla finally caused me to look elsewhere.

And that’s where my money & time will go too.

So you do have to pay to get full functionality. It’s not free. You have to pay for filter or indexing which is pretty standard in most email clients.

And to use fairemail with gmail oauth you can’t use the fdroid release or trust M$ (github) or google (play). As I trust neither source, it rules out my use of the app.

Besides size and less bloat, k9 has 1 major benefit over FairEmail. It is FREE for full functionality. But at the same time it did receive its amount of bloat since the almost (no oauth) perfect 5.6.

For most open source apps, it’s far more common that devs ignore user feature requests or calls for changes unless they are in line with their own plans. The opposite is an exception.

Moot point. No amount of work comes without a cost. The difference is some apps are fully free from a user’s perspective and some aren’t. Some app devs don’t require you to foot any costs, some allow to contribute, some make it dependent on pro features (search indexing a pro feature? Come on), some charge you continuously through subscriptions and micropayments, and some require an up-front payment.

I’m deluding myself but I’m not convinced either coming under the Thunderbird umbrella will improve the app and responding to user feedback by implementing features users seek. But mind this hasn’t been going on for some time, at least since the turn the app took after the 5.7 release. The sheer number of individual users posting they’d stick with 5.6 is enough proof of things starting to go bad. If it weren’t for google disrupting the email client community with oauth, many users would be happy where they are.

Funding will definitely improve but that’s about it.

Unless you read and understand every line of code and build from source you can’t guarantee anything much. Do you do that?

And the dev would tell you you are using an old unsupported & potentially bug filled version. Like using say DOS. If security is so important, why?

FairEmail. Pretty sure the K9 dev will tell you if more people contributed and stopped conflating open source with ‘free’ they’d be able to do more - maybe listen more to users, and not merge with Mozilla. With K9 you ultimately got what you ‘paid’ for.

Most OS projects suffer from lack of funding because people expect ‘free’. Maybe he should have charged from Day 1?

Yup, I release code that I do for our business under an open source licence but no support. You can indeed use it for ‘free’ because I believe in open source, and can afford to do that. Not all can.

I can also tell you I listen and help those who me. Everyone else can wait, or pay. I have a wife, kids, mortgage. Why are you so special?

Is it so bad of the dev at FairEmail to ask for a small donation for some features? Personally I never use ‘search’ on mobile… He could not release it at all, or make it all subscription. Are your groceries free? Insurance? Lawyers?

Why should apps or other code be free?? Is it because you use this app so want it free??

And K9/Moz do something similar. If not, you are the product. You do know how tied Mozilla are to Google don’t you, regardless of you using a gmail account??? There’ll be tabs to Google home pages, or search, or some way of adding tracking to your mail app.

Hey ho. I guess there will always be people who expect everything for nothing. Particularly the stuff they use.

:wave:

1 Like

What prompted you to bring this up? The fact I choose to trust FDroid more than the rest or that I stick with an older version?

Yes I do rarely read some of the open source code, commits mostly when there is a sweeping change introduced.

My failing eyesight was one of the reasons I’ve been stuck with 5.6. My eyesight is more important than the small risk of running a release with a bug. The phone’s security offsets that risk somewhat.

If it was a paid model, he’d also be under an obligation to listen to feature requests or risk losing that support. With an app that does not require compulsory funding of you, he’s free in taking the app in whatever direction he thinks is best. But, as the post 5.6 release of k9 debacle indicates, sweeping changes can act against public expectations.

IIRC this code had been forked off of a google project. He’d have a hard time relicencing it.

And it wouldn’t be possible for it to have become so popular an app were it not free right from the start.

I think you misread my statement. I make no demands on anyone here.

A developer is free to do anything. Just don’t call your software free if a typical feature of a mail client needs a one-off payment. I see that as an insidious model: get you hooked (much like a drug dealer) to use the app as a free product and when a necessity requires you to use a more advanced feature (as with the paid search indexing in fairemail, everyone needs to search their inbox every now and then) and find out it’s not free… not impressed.

I run my own open source projects, contribute to several and expect nothing in return. I may even contribute financially. But I certainly won’t pay for apps that give you very basic functionality for free and require payment for a feature you’re bound to need sooner or later.

The success of many apps depends on them being free in the first place. The freemium model runs contrary to that, I find an element of extortion therein.

As for being a product, well most of the great free open source projects have no such intentions towards you.

Well, some government funding as well as donations were involved… The problems lie in other details.

I’ve just fallen foul of the M$ temporary disable of Basic Auth on my M365 tenant, fortunately now reenabled, so here’s hoping you manage to get OAUTH sorted for M365 accounts before the “hard disable” of Basic Auth starting in October / November.