Security and Privacy Overview
This article provides an in-depth overview of the security and privacy model of Mimestream. The information here is not meant to replace our official privacy policy.
💡 Mimestream syncs directly with Google APIs, not through an intermediary service.
Mimestream is designed to provide a seamless and secure user experience for accessing Gmail accounts, while prioritizing user privacy and data protection by ensuring that account access and data remain within the user’s control and on the user’s device.
Account Login and Authentication
Mimestream uses OAuth 2.0 to connect to Google accounts. The user signs in with Google and grants the app access, so Mimestream never handles the Google account password; it receives only scoped OAuth tokens.
💡 Mimestream applied for and completed Google’s Restricted scope verification process.
On macOS 12.3 and above, Mimestream uses the macOS Authentication Services framework to provide a system-standardized, secure authentication flow. On earlier OS versions, or if the user chooses to authenticate in a specific browser, the app directs the user to the Google OAuth login form in their default or chosen browser.
Once the user has logged in to their account via Google’s OAuth login UI, the OAuth “refresh token” is delivered directly to the client device. This token does not pass through any Mimestream service.
Secure Token Storage in the Keychain
To maintain authentication without requiring repeated logins, account refresh tokens are stored in the macOS Keychain, the system’s standard store for secrets and tokens. Keychain items are access-controlled: Mimestream, as the app that created the item, is granted access automatically, while any other app attempting to read it triggers a prompt for the user’s login password. This protects the token against unwanted access from other apps.
Direct Syncing with Google APIs
Mimestream functions by establishing direct connections from the user’s device to Google APIs in order to access email accounts and retrieve data.
By syncing directly, Mimestream avoids the security risks that an intermediary service would introduce, such as a third party holding account tokens or copies of message data.
💡 Use of data received from Google APIs adheres to the Google API Services User Data Policy.
Transport Layer Security
Mimestream uses Transport Layer Security (TLS) for all communication channels, so connections between the app and Google’s servers are encrypted and authenticated. TLS protects data in transit against eavesdropping and tampering.
Mimestream secures data in transit, but it does not provide true end-to-end encryption of email (e.g. S/MIME, PGP) from the sender’s device to the recipient’s device. Messages sent or received through Gmail are accessible to Google and are governed by Google’s privacy policies.
Push Notifications
Mimestream uses a direct and private architecture for immediate push notifications: the app makes a direct connection from your Mac to Gmail’s servers to receive push events. Although all other syncing occurs via the Google REST APIs, push events are currently received over an IMAP connection to Gmail’s IMAP endpoint.
A TLS connection is made to imap.gmail.com on port 993, and Mimestream then uses the IMAP IDLE extension (RFC 2177) to listen for new-message notifications. Notifications are only received while Mimestream is running.
If your administrator has disabled IMAP access for your Google Workspace domain, push will not work. In the future, we plan to deploy a secure API-based push event relay service for these scenarios. This service will not have access to your account tokens, nor will it be able to see your message content. Please see our roadmap post for more details.
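As an added illustration (not Mimestream’s code), the following Python script walks through the client side of the IDLE exchange described above against a scripted in-process fake server, so it runs offline. The fake server and its responses are constructed for the example; a real client would wrap the socket in TLS (port 993 is implicit TLS) and authenticate first, both of which are omitted here. It also shows the caveat RFC 2177 adds: a server may drop a connection that has been idle for 30 minutes, so clients terminate and re-issue IDLE before then (29 minutes is the customary margin).

```python
import socket
import threading
import time

# RFC 2177: a server may close a connection that has been idle for 30
# minutes, so a client should terminate and re-issue IDLE before that.
IDLE_REISSUE_SECONDS = 29 * 60


class LineReader:
    """Reads CRLF-terminated IMAP lines from a socket, keeping leftovers."""

    def __init__(self, sock):
        self.sock = sock
        self.buf = b""

    def readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed the connection")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line.decode("ascii")


class IdleClient:
    """Client side of IMAP IDLE; assumes the socket is already connected
    (and, in real use, TLS-wrapped and authenticated)."""

    def __init__(self, sock):
        self.sock = sock
        self.reader = LineReader(sock)
        self.tagno = 0
        self.greeting = self.reader.readline()  # "* OK ..." server greeting

    def _next_tag(self):
        self.tagno += 1
        return f"a{self.tagno:03d}"

    def idle_once(self, timeout=IDLE_REISSUE_SECONDS):
        """Enter IDLE, wait for an EXISTS notification or the re-issue
        timeout, then send DONE. Returns (untagged events, completed_ok)."""
        tag = self._next_tag()
        self.sock.sendall(f"{tag} IDLE\r\n".encode("ascii"))
        cont = self.reader.readline()
        if not cont.startswith("+"):
            raise ValueError(f"server refused IDLE: {cont}")
        events = []
        self.sock.settimeout(timeout)
        try:
            while True:
                line = self.reader.readline()
                if line.startswith("* "):
                    events.append(line)
                    if line.endswith(" EXISTS"):
                        break  # a new message arrived; leave IDLE to fetch it
        except socket.timeout:
            pass  # nothing arrived; leave IDLE so it can be re-issued
        finally:
            self.sock.settimeout(None)
        self.sock.sendall(b"DONE\r\n")
        while True:  # drain until the tagged completion of the IDLE command
            line = self.reader.readline()
            if line.startswith(tag + " "):
                return events, line.split(" ", 2)[1] == "OK"
            if line.startswith("* "):
                events.append(line)


def fake_idle_server(sock, notify_after):
    """Scripted stand-in for the server (constructed, not Gmail). After
    `notify_after` seconds it announces a new message; None means never."""
    reader = LineReader(sock)
    sock.sendall(b"* OK constructed fake IMAP server ready\r\n")
    tag = reader.readline().split(" ", 1)[0]  # expects "<tag> IDLE"
    sock.sendall(b"+ idling\r\n")
    if notify_after is not None:
        time.sleep(notify_after)
        sock.sendall(b"* 2 EXISTS\r\n* 1 RECENT\r\n")
    while reader.readline() != "DONE":
        pass
    sock.sendall(f"{tag} OK IDLE terminated\r\n".encode("ascii"))
    sock.close()


def run_idle_cycle(notify_after=0.1, timeout=IDLE_REISSUE_SECONDS):
    """Run one IDLE cycle against the fake server; returns (events, ok)."""
    client_sock, server_sock = socket.socketpair()
    server = threading.Thread(
        target=fake_idle_server, args=(server_sock, notify_after), daemon=True
    )
    server.start()
    client = IdleClient(client_sock)
    try:
        return client.idle_once(timeout=timeout)
    finally:
        client_sock.close()
        server.join()


if __name__ == "__main__":
    print(run_idle_cycle())                                # new mail announced
    print(run_idle_cycle(notify_after=None, timeout=0.2))  # timed out; re-issue IDLE
```

The first call returns the EXISTS/RECENT notifications a client would act on by fetching the new message; the second shows the quiet path, where the client leaves IDLE on its own timer and would immediately issue IDLE again.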
On-Device Data Storage
Mimestream stores user email data locally on the user’s device. As previously detailed, OAuth refresh tokens are stored securely in the system Keychain.
Message Cache
In order to provide fast access to your email without the latency of network requests, Mimestream stores a limited cache of data on your device. This cache, and other user configuration data, is stored in the application’s container.
The application container is located at ~/Library/Containers/com.mimestream.Mimestream.
Cached message data is stored in an SQLite database inside the container, and downloaded attachments are stored as files in the container.
💡 On macOS, we recommend using Apple’s FileVault to encrypt your disk, protecting your data at rest should you lose your device. Note that FileVault protects data at rest only; once you are logged in, files in the container are readable by unsandboxed software running as your user.
Logging
In order to provide a high quality app, it is important for us to be able to understand the sequence of events that led to any issues a user encounters. This enables us to provide support to users even if the user doesn’t remember what they did, and it enables us to fully investigate issues encountered, even if they aren’t reproducible.
💡 Logs are stored on device, and not automatically sent to Mimestream.
Mimestream makes extensive use of Apple’s Unified Logging System to keep a historical record of synchronization activity and of problems that arise. The unified logging system redacts dynamic values in log messages by default unless the developer explicitly marks them public, which helps ensure that personally-identifiable information is not logged unnecessarily.
In the case of a support inquiry, we may request that the user provide logs, and provide instructions for doing so. Logs are not automatically collected by Mimestream when initiating a support inquiry – it is an explicit, opt-in collection process.
We strive to ensure that on-device logs do not contain unnecessary personally-identifiable information, only detailing the high-level activities occurring. In general, logs describing synchronization contain the names of the API methods being called, the account’s email address, and the unique server identifier of the entity in question. Message content such as the subject, sender, or body is not logged. For example, the logs covering synchronization of a new message look like this:
[GmailService example@gmail.com] >> [56924] messages.get { id: "17d0e26b9373cd41", format: "full" }
[GmailService example@gmail.com] << [56924] messages.get: GTLRGmail_Message { id:17d0e26b9373cd41 }
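Because log sharing is opt-in, a user or administrator may want to see exactly what identifying data a log excerpt carries before sending it. The Python snippet below, added here as an example and not part of Mimestream, parses lines in the format shown above, inventories every e-mail address in them, and replaces addresses with a per-report pseudonym while keeping the request ids and server message ids that let support correlate entries. The input is the two lines from this page; the pseudonym scheme (salted SHA-256 prefix) is the example’s own choice.

```python
import hashlib
import os
import re

# Matches the request/response lines in the format shown above.
LOG_LINE = re.compile(
    r"^\[(?P<service>\w+) (?P<account>\S+@\S+)\] "
    r"(?P<direction>>>|<<) "
    r"\[(?P<request_id>\d+)\] "
    r"(?P<method>[\w.]+)(?P<detail>.*)$"
)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# The two sample lines from the text above, used as input.
SAMPLE_LOG = [
    '[GmailService example@gmail.com] >> [56924] messages.get { id: "17d0e26b9373cd41", format: "full" }',
    '[GmailService example@gmail.com] << [56924] messages.get: GTLRGmail_Message { id:17d0e26b9373cd41 }',
]


def parse_line(line):
    """Split one sync log line into its fields, or return None if it is
    not in the request/response format."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["direction"] = "request" if fields["direction"] == ">>" else "response"
    fields["detail"] = fields["detail"].lstrip(": ").strip()
    return fields


def inventory_addresses(lines):
    """Every e-mail address appearing anywhere in the lines (not only in the
    account field), so nothing unexpected slips into a support attachment."""
    found = set()
    for line in lines:
        found.update(EMAIL.findall(line))
    return sorted(found)


def pseudonym(address, salt):
    """Stable per-report pseudonym: the same address maps to the same token
    within one report, while reports with different salts are not linkable."""
    digest = hashlib.sha256(salt + address.lower().encode("utf-8")).hexdigest()
    return "acct-" + digest[:12]


def redact_for_support(lines, salt=None):
    """Replace every address with its pseudonym. Request ids and the
    server-side message ids are left intact for correlation."""
    salt = os.urandom(16) if salt is None else salt
    return [EMAIL.sub(lambda m: pseudonym(m.group(0), salt), line) for line in lines]


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(parse_line(line))
    print("addresses present:", inventory_addresses(SAMPLE_LOG))
    for line in redact_for_support(SAMPLE_LOG):
        print(line)
```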
Application Security and Updates
Mimestream is committed to providing a secure and reliable application. Regular updates are released to address bug fixes, security vulnerabilities, and provide feature enhancements.
Software Distribution
💡 All Mimestream app updates are notarized by Apple.
We are a registered developer with Apple, which lets us code sign our app with our Developer ID. macOS has a security technology called Gatekeeper that can ensure that only trusted software from the App Store and identified developers runs on a user’s Mac. Gatekeeper automatically verifies that Mimestream’s binary hasn’t been modified since we signed it.
In addition, Mimestream submits every app update to Apple for notarization before distributing it to end users. The Apple notary service performs automated checks for malicious content and then issues a ticket, which we staple to the release so that Gatekeeper can confirm notarization even when the Mac is offline.
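A user can confirm these properties on an installed copy with Apple’s own tools, codesign and spctl. The Python script below, added as an example and not part of Mimestream, runs those tools and checks their output for a Developer ID signature chaining to Apple Root CA, the hardened runtime that notarization requires, and a Gatekeeper verdict sourced from a notarization ticket. The embedded sample outputs are constructed, with placeholder bundle and team identifiers, so the checking logic runs anywhere; the shell-out itself only works on a Mac.

```python
import subprocess

# Constructed sample of what `codesign -dvv <app>` prints (on stderr).
# The identifiers, team id and paths are placeholders, not real values.
SAMPLE_CODESIGN = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.Example
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=8980
Authority=Developer ID Application: Example Developer (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=1 Jan 2024 at 00:00:00
TeamIdentifier=ABCDE12345
Runtime Version=13.0.0
Sealed Resources version=2 rules=13 files=42
Internal requirements count=1 size=212
"""

# Constructed sample of `spctl --assess --type execute --verbose=2 <app>`.
SAMPLE_SPCTL = """\
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Developer (ABCDE12345)
"""


def parse_codesign(output):
    """Turn `codesign -dvv` key=value output into a dict; the Authority
    lines (leaf certificate first) are collected into a list."""
    info = {"authorities": []}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["authorities"].append(value)
        else:
            info[key] = value
    return info


def assess(codesign_output, spctl_output, expected_team=None):
    """Return (ok, reasons); ok is True only if every check passes."""
    info = parse_codesign(codesign_output)
    reasons = []
    chain = info["authorities"]
    if not (chain and chain[0].startswith("Developer ID Application:")
            and chain[-1] == "Apple Root CA"):
        reasons.append("not signed with a Developer ID certificate chaining to Apple Root CA")
    # The hardened runtime shows up as the (runtime) flag on the CodeDirectory line.
    hardened = any(l.startswith("CodeDirectory") and "(runtime)" in l
                   for l in codesign_output.splitlines())
    if not hardened:
        reasons.append("hardened runtime not enabled; notarization requires it")
    if expected_team and info.get("TeamIdentifier") != expected_team:
        reasons.append(f"TeamIdentifier {info.get('TeamIdentifier')!r} != {expected_team!r}")
    first = spctl_output.splitlines()[0] if spctl_output.strip() else ""
    if not first.endswith(": accepted"):
        reasons.append("Gatekeeper assessment did not accept the bundle")
    if "source=Notarized Developer ID" not in spctl_output:
        reasons.append("Gatekeeper did not find a notarization ticket for the bundle")
    return (not reasons), reasons


def _run(*argv):
    """Run a tool; codesign and spctl write their reports to stderr."""
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.returncode, p.stdout + p.stderr


def check_installed_app(app_path, expected_team=None):
    """macOS only: verify the seal, then assess the signature chain and
    the Gatekeeper verdict of an installed bundle."""
    rc, out = _run("codesign", "--verify", "--deep", "--strict", "--verbose=2", app_path)
    if rc != 0:
        return False, ["codesign --verify failed: " + out.strip()]
    _, codesign_out = _run("codesign", "-dvv", app_path)
    _, spctl_out = _run("spctl", "--assess", "--type", "execute", "--verbose=2", app_path)
    return assess(codesign_out, spctl_out, expected_team)


if __name__ == "__main__":
    import sys
    print(check_installed_app(sys.argv[1]))  # e.g. the path to the installed .app bundle
```

Pass the expected team identifier (printed in the TeamIdentifier line of a known-good install) to catch a bundle signed by a different Developer ID; `xcrun stapler validate <app>` is a further way to confirm that the notarization ticket is actually stapled to the bundle.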
Sandboxing
Mimestream is committed to the best security practices on Apple’s platforms, and utilizes Apple’s App Sandbox in order to limit the app’s access to system resources and user data. A small, very tightly-scoped unsandboxed helper service is included with the app in order to perform rare tasks that cannot be done from within the sandbox, such as allowing the user to set Mimestream as their default email client.
In addition, Mimestream uses the modern WebKit APIs, which render message body content in a separate, sandboxed web content process, so that message HTML is isolated from the rest of the application.
Mimestream Services
In order to provide the expected services of the app, the Mimestream app does occasionally communicate with servers run by Mimestream. This is done for a very limited number of use cases.
đź’ˇ Mimestream services do not have access to your Google account or email content.
License Activation Service
Data Shared: License Email Address, Hashes of Account Email Addresses, Hash of Device ID, Device Name, Device Activation Date, Device Last Use Date, OS Version, App Version
In order to activate the app, the user must enter the email address associated with their Mimestream license. To simplify this process for users, the app sends hashes of every account’s email address (and of their domains) to the activation service to automatically begin the activation process. Once an activation code is received and entered by the user, this code is transmitted to the activation service in exchange for a license file, which is stored on the user’s device.
Once per day, the app refreshes the license file by sending it to the service. The license file contains information about the user’s license, such as their email address and the expiration date, together with a cryptographic signature that lets the app verify the contents have not been tampered with.
Mailing List Service
Data Shared: Email Address
If you choose to sign up for our mailing list using the in-app UI, the email address you entered will be transmitted to our mailing list service. Our mailing list isn’t used for spam and use of your address conforms to our privacy policy.
Software Updates
Data Shared: None
To check for software updates, Mimestream periodically makes an HTTPS GET request to https://mimestream.com/appcast.xml and reads this XML file to see whether any updates are available. Available updates are downloaded and installed from our CDN at https://download.mimestream.com. Updates are installed with the open-source Sparkle framework, which checks that the downloaded update’s code signature matches before installing it.
Future Services
In the future, if we add services that provide additional functionality to the app, we intend to do this on an opt-in basis. There will be a clear explanation of what data is shared with the service, and for what purpose.
Additional Information
For additional information, please consult our Privacy Policy, as well as our Terms of Service.
Should you have any specific questions, we would be more than happy to assist and provide clarifying information. Please feel free to contact support@mimestream.com.
Changelog
- June 5, 2023: Opening the in-app activation UI now automatically submits the hashed email address and domain of every account in the app to the Mimestream activation service, to help users more easily activate their license.