New Nokia Smartphones Leak E-mail Passwords
Noksu writes "Despite of the recent plunge in Nokia's profits, the company is doing well in the surveillance business. The infamous 'Lex Nokia' got ratified in Finland and the company has launched a massive Nokoscope research project for data gathering. In the meantime Nokia's new smartphones forward e-mail account credentials to a remote server. Surprisingly enough, this is done in HTTP request headers. The company has been informed, but there has not been an official statement yet. Time for class action suit in the US?"
Nokias response
What?
As commenters have already pointed out on those blog posts, push IMAP will require that Nokia stores your credentials on servers that check for your new email as a proxy.
This request is https. If, during setup, you asked for push IMAP, or any number of other imaginable features for your mail account, sending your credentials to a Nokia or wireless carrier server will be necessary.
Actually... if it's https... how the hell can this guy tell what the URL request is? Has he patched their email client to snitch?
There are no trails. There are no trees out here.
I know very well how Nokia Messaging works because I use it. This is their new email client that is now being shipped on recent higher-end phone(s), or that can be downloaded/installed on older models. It is made to compete with Blackberry services which work the same way.
You can complete its setup over the web - you go to http://email.nokia.com/ enter IMAP/POP server name/username/password and add up to 10 accounts to your main Nokia account.
Alternatively, you can do these steps on the phone itself, which is what the OP described.
You then run Nokia Messaging on your phone, enter your master credentials and have access to all of your accounts.
This is how this service is designed. You may think it's not prudent to give Nokia your credentials, but this is how this service is designed and there are reasons for doing it this way.
Claiming there is some conspiracy is silly.