
Google recommends removing AIB for security reasons, should we?

Google says to remove AIB due to security concerns and "developer's information hasn't been verified by Google" - is this true? What can you tell us to dispute this claim?
  • Andy Mitchell (CEO - ActiveInbox Founder) December 03, 2019 12:49
    Hi Craig,

    The tl;dr to this is, we've been going through Google's new verification for the last year, and it's due to complete before the end of December.

    I'm pretty confident in saying we're amongst the most secure, privacy-focused extensions on the market (I've certainly gone to great lengths to make that so).

    Why?

    1. We keep all your sensitive Gmail/GCal data purely in our client (or Google's servers). It never passes through our servers. Even authentication has been moved off our server, as it creates tokens that could theoretically be used to access your email. It's simply impossible for us to access your data.

    2. We went to great lengths to subsequently secure that data on your client. In particular, the authorisation token which grants access to your Gmail emails. It's encrypted on your hard drive by us. It's encrypted on your hard drive again by Chrome. And again by your operating system. And for good measure, we encrypt a fragment of it on our server (but we never pass the whole token to our server, so we can never use it).

    3. For the information that is still on our server, e.g. your Notes, the recent major overhaul to our servers was done to make sure they're protected behind the latest security technology. That's currently being put to the test by a 2-week intensive security audit by Bishop Fox, one of two global security firms approved by Google.

    ===

    But let's go deeper...

    For Privacy, the most important thing is that we've made it technically impossible for ourselves to read anyone's email, even if we wanted to (we don't). But we're also an EU company subject to the laws of the GDPR, that gives the best personal protections in the world (at risk of a £20 million fine to us). Please see https://www.activeinboxhq.com/privacy.

    For Security, the visual at https://www.activeinboxhq.com/security is probably the most insightful, but I'll expand on it in a moment. The most important thing here is really the same as above: no sensitive data ever touches our servers (we've made all handling of your Gmail data happen entirely between your client and Gmail's servers).

    I've also touched upon progress with this in two blog posts:
    1. https://blog.activeinboxhq.com/2019/0...
    2. https://blog.activeinboxhq.com/2019/1...

    ===

    So what's going on with Google's message?

    Essentially we got caught up in the roll out of their new programme, when everything was new and uncertain, and it caused umpteen delays (and much stress at our end).

    A rough timeline:

    Mid 2018. Google realised the sensitivity of their data during the Google+ hack and subsequent shutdown. This led to them initiating Project Strobe to strongly tighten their security, which included us as a vendor.

    Late 2018. Google announced it would expect vendors like us to go through their new programme, but the programme would not be announced until early 2019. Around October/November, we began engaging with the embryonic programme.

    Early 2019. The programme changed, and our progress to that point was reset back to the start. As everything was so new, and documentation was frequently changing, the whole experience of getting certified was moving slowly (but we were still moving as fast as possible: the groundwork for major changes to ActiveInbox and our servers was put in place during this time).

    Mid 2019. It became clear that the new Google certification was going to cost us, as a small company, between $15k-$75k a year. But this only applied if you transited/stored any Gmail data on your server. I concluded that, as we'd already begun moving functionality from our server to the client, we might be able to avoid this rather large fee if we undertook a rigorous rewrite of ActiveInbox's client, to make it absolutely certain it could never even accidentally transit any sensitive Gmail data through our server (fun fact: it's remarkably hard to code software against attacks when you're trying to consider that you yourself, the coder, might also be the theoretical attacker! But we created some pretty powerful defences as a result). That was an intense 4 months of work over the summer.

    Late 2019. Despite succeeding in keeping *all* sensitive Gmail/GCal data off our server, Google ruled that because our client still talks to our server for non-Gmail-data reasons (e.g. to save notes, check expiry), it remains a theoretical source of leaks, and so we still needed to go ahead with the expensive audit. In late September, we began the process of getting the audit underway. This meant we had to accelerate completing all of our planned server changes - things we wanted to do anyway to improve ActiveInbox's functionality and simplify server maintenance - to finish them before the audit. That has created the second intense work pressure of 2019 (it's fair to say it hasn't been my favourite year!).

    That brings us to today: by a squeak of a whisker, our server move is complete, and the security audit began yesterday. We expect that to complete next week, and for Google to update their messaging by the end of the month.
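The reply above describes a client architecture in which Gmail/GCal data may flow only between the user's client and Google's servers, and in which the client is written so that it cannot "even accidentally" send that data (or the OAuth token) to the vendor's own server. The following is an added illustration of one way to enforce such a rule in client code, not ActiveInbox's code, and it does not claim to reproduce how ActiveInbox implements it. The hostnames, the `Sensitive` marker type, and the function names are assumptions made for this example; the vendor host is a placeholder.

```python
"""Client-side egress guard (constructed example, not ActiveInbox's code).

Models the design described in the post: data read from Gmail/GCal is
tagged at the point it enters the client, and every outbound request is
checked so that tagged data and the bearer token can only travel to
Google's API hosts, never to the vendor's own server.
"""
import json
from urllib.parse import urlsplit

# Assumed origins for this example. Google API hosts may receive mail data
# and the OAuth token; the vendor host may receive only non-sensitive
# account data (e.g. notes, licence checks). The vendor host is a placeholder.
GOOGLE_HOSTS = {"gmail.googleapis.com", "www.googleapis.com"}
VENDOR_HOSTS = {"api.example-vendor.invalid"}


class Sensitive(str):
    """Marker type: every string taken from a Gmail/GCal response is wrapped
    in it, so the origin of the data travels with the value through the client."""


class EgressViolation(Exception):
    """Raised when a request would move data somewhere the design forbids."""


def tag_gmail_response(obj):
    """Recursively wrap all strings in a decoded Gmail API response as Sensitive."""
    if isinstance(obj, str):
        return Sensitive(obj)
    if isinstance(obj, list):
        return [tag_gmail_response(x) for x in obj]
    if isinstance(obj, dict):
        return {k: tag_gmail_response(v) for k, v in obj.items()}
    return obj


def contains_sensitive(obj):
    """True if any value nested inside obj carries the Sensitive tag."""
    if isinstance(obj, Sensitive):
        return True
    if isinstance(obj, dict):
        return any(contains_sensitive(v) for v in obj.values())
    if isinstance(obj, (list, tuple)):
        return any(contains_sensitive(v) for v in obj)
    return False


def prepare_request(url, body, access_token):
    """Build (headers, serialized_body) for an outbound request, refusing any
    combination of destination and payload that the design does not allow."""
    host = urlsplit(url).hostname
    if host in GOOGLE_HOSTS:
        # Mail data and the OAuth token are only ever sent to Google.
        return {"Authorization": f"Bearer {access_token}"}, json.dumps(body)
    if host in VENDOR_HOSTS:
        if contains_sensitive(body):
            raise EgressViolation(f"refusing to send Gmail-derived data to {host}")
        serialized = json.dumps(body)
        # Belt and braces: the token must not appear in the body either.
        if access_token and access_token in serialized:
            raise EgressViolation(f"refusing to send the access token to {host}")
        return {}, serialized  # no Authorization header for the vendor host
    raise EgressViolation(f"unknown destination {host!r}")


if __name__ == "__main__":
    # Constructed sample: a decoded Gmail message, tagged on arrival.
    msg = tag_gmail_response({"id": "17a", "snippet": "Invoice attached"})
    print(prepare_request("https://gmail.googleapis.com/gmail/v1/users/me/messages/17a",
                          {}, "tok-123")[0])
    try:
        prepare_request("https://api.example-vendor.invalid/notes",
                        {"note": msg["snippet"]}, "tok-123")
    except EgressViolation as e:
        print("blocked:", e)
```

The point of the tagging approach is that the check does not depend on the developer remembering which fields are sensitive at each call site: anything that came out of a Gmail response stays marked, and the single choke point that builds requests rejects it for the vendor origin. A real client would also need to untag deliberately derived non-sensitive values (such as counts) before they can be sent to the vendor.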

  • Thanks for the detailed response, this should help my company to allow me to continue with AIB.

  • This reply was created from a merged topic originally titled ActiveInbox listed as "risky" in Google security review.

    Google suggests I "Remove risky access to your data" by ActiveInbox.

    This was also reported a year ago: https://getsatisfaction.com/activeinb...