I just received Nokia's official statement about the case I reported earlier.
Nokia's statement begin.
A Finnish blogger recently posted on his blogsite that Nokia stores users' credentials in Nokia when they try to configure their email account on their Nokia device using direct IMAP/POP access.
For the mobile email account to be created and for the user to enjoy a seamless mobile email experience, his email credentials (namely email address and password) need to be sent to the mail provider's server. In some cases, the user's credentials are sent directly to the mail provider's server, but in other cases, they securely pass through the Nokia mail server, without actually being stored.
Nokia takes security seriously in all phases of the mobile communication systems development process, and will further investigate this case using our normal processes and comprehensive testing. Also, based on the feedback that we have received, we will look into the possibility of amending the on-device email set-up instructions to ensure that end-user information handling in our devices and services is accurate.
Nokia's statement end.
My comment on that statement:
- I completely understand and accept the need to ease the email account creation. Despite that, I still feel that sometimes sending credentials to the email provider and sometimes sending them to Nokia's server is not acceptable. I want to be in control of who gets my credentials.
- I haven't claimed that Nokia stores user's credentials. I have written that credentials are sent to Nokia - I don't have any idea what happens to credentials after that.
- I asked if credentials are stored. Now we got a clear answer that credentials are not stored. That's good.
If I may suggest a solution to Nokia, would you consider a solution that
- tells the user exactly what's going on during the account creation
- allows the user to decide whether the wizard is used or not
- if the wizard is not used, no communication is done to Nokia's servers
- if the wizard is used, only the domain part (e.g. gmail.com) is sent to Nokia's server
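
The flow suggested above, as an added sketch that is not Nokia's code or any real wizard's API: the device records every message it would send, so it can be checked that the vendor lookup carries only the domain and that the credentials go to the mail provider alone. `VENDOR_DIRECTORY`, `Outbound`, `plan_setup` and `leaks_to_vendor` are hypothetical names, and the directory entry is constructed sample data.

```python
from dataclasses import dataclass

# Constructed stand-in for the vendor's settings directory (hypothetical data).
VENDOR_DIRECTORY = {"gmail.com": ("imap.gmail.com", 993)}


@dataclass(frozen=True)
class Outbound:
    destination: str   # "vendor" or the mail provider's host
    payload: dict      # exactly what leaves the device


def domain_part(address: str) -> str:
    """Lowercased domain; split on the last '@' because a quoted local part may contain one."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    return domain.lower()


def plan_setup(address, password, use_wizard, manual_server=None):
    """Return every message the device would send, in order, so the flow can be audited."""
    sent = []
    if use_wizard:
        domain = domain_part(address)
        # Only the domain goes to the vendor: no local part, no password.
        sent.append(Outbound("vendor", {"domain": domain}))
        server = VENDOR_DIRECTORY.get(domain)
        if server is None:
            raise LookupError("unknown domain, fall back to manual setup")
    else:
        if manual_server is None:
            raise ValueError("manual setup needs host and port")
        server = manual_server   # no vendor traffic at all on this path
    host, port = server
    # Credentials are addressed to the mail provider's own host only.
    sent.append(Outbound(host, {"port": port, "user": address, "password": password}))
    return sent


def leaks_to_vendor(sent, address, password):
    """True if any vendor-bound payload contains the address, its local part or the password."""
    secrets = (address, address.rpartition("@")[0], password)
    return any(s in str(v) for m in sent if m.destination == "vendor"
               for v in m.payload.values() for s in secrets)
```

Running `leaks_to_vendor` over the planned messages in a test suite turns the "who gets my credentials" question into a check that fails the build if a later change starts sending more than the domain.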