Question regarding K-9

Hi,

Much to my astonishment after getting my first Android (or Open OS, that is) smartphone, I realized that my beloved Thunderbird does not exist for Android.

Because many recommended this on the net, I installed K-9.

Maybe I just didn’t find it, and possibly this has been asked numerous times (my apologies) by other people:

  • Is there a way to tell K-9 that I do not want HTML in e-mails? I do not want to generate it, and most certainly I do not want to have it displayed from incoming mail. Also, Images must not (!) be loaded from the net. HTML should be banned from mail, just look at the “e-fail” discussion where you can compromise encrypted mail if HTML and/or scripting is active.

Not to mention that loading external images poses the risk of confirming the validity of the mail address to spammers, thus provoking more spam…

So how do I set K-9 to just plain text?

Also, how do I set K-9 to leave all mail on the server after downloading previews and/or full text?

You will find all the information you need at K-9 Mail documentation.

3 Likes

Basically, using the account settings, you can force outgoing messages in plain text but not incoming ones.

For incoming messages, you can just activate “do not show images” (which is already activated by default).
I did not to the test, but “force plain text” should also work on reply, converting a html mail into a plain-text mail.

2 Likes

Normally a conversion should not be necessary. Most mailers that do use HTML outgoing, also create a plaintext version, so answering them would simply use the plaintext version already supplied by the original sender. In all those years, I only remember two instances where companies (!) sent me HTML-only mails. One of them switched over to plaintext, after I told them. The other did not, so consequently I ignore this other company. All others by default send HTML and plaintext simultaneously.

3 Likes

Thanks, there I found how to tell K-9 to send plaintext. But I did not find a way to tell K-9 I want plaintext from incoming mail as well… It is not just images. It is a scripting issue as well, and with HTML you can disguise the real URL behind an A HREF=… anchor, so HTML can be used to camouflage phishing… And of course, I do not want fancy fonts and stuff on my small screen…

Another question:

What is the best method to integrate PGP/GPG encryption/decryption?

I found news that say I should install APG, while at the end, the author discouraged that when Open Keychain is present.

  • Is Open Keychain there on FP Open? Or how could it be integrated?
  • Has anyone managed to integrate APG? I did not, after installation I only got an error message warning about incorrect configuration, showing only one dialog about forcing APG over Open Keychain, but even disabling this did not make the error message go away… I had to deinstall APG.

I am looking for something similar to my trusted Thunderbird, where I simply had to install Enigmail…

Thanks!
Oliver

Thanks, there I found how to tell K-9 to send plaintext. But I did not find a way to tell K-9 I want plaintext from incoming mail as well… It is not just images. It is a scripting issue as well, and with HTML you can disguise the real URL behind an A HREF=… anchor, so HTML can be used to camouflage phishing… And of course, I do not want fancy fonts and stuff on my small screen…

I did not find a way to force pain text and after some research, it cannot be done yet but it has been requested so “stay tuned” : Add option for default display format · Issue #906 · thunderbird/thunderbird-android · GitHub

What is the best method to integrate PGP/GPG encryption/decryption?

Can’t help you about this as I do not encrypt my emails :frowning_face:

Just install it within F-Droid :slight_smile:

In the past I used successfully APG, until January 2017 when they dropped support in favour of OpenKeychain:

With the latest major release from December 2016, K-9 Mail dropped support for APG as an OpenPGP provider. The drop-in replacement is OpenKeychain, which has been actively maintained by Dominik Schürmann and myself since it was originally forked from APG in 2012.

There are two reasons for this decision:

Firstly, development of APG ceased since its last release in March 2014. Moving forward with PGP/MIME support required a number of changes to the crypto provider API, rendering APG incompatible with K-9 Mail in newer versions.

The second reason, however, is the more important one: Three years is a very long time for security-relevant software, and no release during this time means no bugs were fixed. Meanwhile, OpenKeychain had a security audit in 2015 that yielded a number of issues. All of these issues were fixed in OpenKeychain, but are still present in APG due to their shared development history.

For some more details, check out the entry in the OpenKeychain FAQ on the relationship between APG and OpenKeychain. The FAQ also contains instructions on how to migrate your keys.

2 Likes

Thanks alot for the Information!
Oliver

1 Like

Version check:
Today UpToDown (which also looks after apps it knows, even it did not install them - I installed K-9 through F-Droid) notified me of an update to K-9, a version 5.503.

I have 5.403. According to version info this should be the latest. Also, F-Droid does not indicated any update. When I click on the update in UpToDown, it does download something. That can also be installed (very fast!) without errors, but after that, it is again displayed as ready for installation.

When I start K-9, it ist 5.403… Is this a malfunction of UpToDown or what? At the moment I do not suspect they tried to force a doctored APK containing malware onto me, because then I think it would not behave as to make me suspicious :slight_smile:

As far as i know, 5.4XX is still the latest production version, while 5.5XX is development/test. I’m on 5.503 because I’m affected of a bug replying to encrypted mails. Does not work on 5.4. But it’s not normally distributed

1 Like

You’ll have to activate F-Droid setting to display unstable updates to be able to update to the development version.

Thank you for the info! But I wonder why UpToDown does not correctly handle this. It still presents me with “Install 5.503” and afterward it just presents me the very same update… Looks like a bug in UpToDown, possibly because of this development version issue…

You basically gave the answer above:

The UpToDown version has a different (cryptographic) signature than the F-Droid version (this is a general security feature), which leads to the fact that you can install only updates from the same source; to install the package found in UpToTown you would have to uninstall the K9 version you installed from F-Droid first.

Not sure about that. I don’t know if it’s possible for an (any) app store to check an apps signature to verify if the app was installed from that very installation source. I guess not (or at least not easily), because the behaviour is (as per my experience) the same in F-Droid, Play and Yalp.
A solution could be to set UpToDown to ignore updates for K9 or - more general - for apps that were installed from F-Droid.

1 Like

Thanks. I changed the setting of F-Droid to include incompatible, enabled expert mode and enabled instable updates, and still F-Droid does not offer an update to 5.503.

unless i’m wrong, this version has not been added to the metadata file. It mainly depends on the repo configuration.

Well, to avoid more “die and retry”, what you can do is to install manually the apk from github : https://github.com/k9mail/k-9/releases

but you may have to reconfigure everything AND switch back to the F-Droid version when it’s out.

If you don’t have trouble with replying to encrypted mails i would stay on the stable version and forego the hassle with the development versions

1 Like

This topic was automatically closed 183 days after the last reply. New replies are no longer allowed.