Kevin Smith/Business Insider
UPDATE: Behera has issued an update to his post: "After posting this on HackerNews some developers / users feel my hypothesis is wrong and one can not repeat the steps below without having physical access to an user’s phone or locked devices. I agree to this."
The short version of the story is that this isn't a bug, flaw, or anything of the like. If someone physically possesses your phone, they'd have access to this information anyway.
PREVIOUSLY: According to app developer Subhransu Behera, iOS email app Mailbox is a "security fail."
We caught wind of this from 9to5Mac.
Behera found out that anyone with physical access to the phone can connect it to a computer and use a free program called iExplorer to access the app's files.
This little workaround gives someone access to your attachments, contacts, and the contents of your email.
Behera says it's an easy fix: " It’s all about adding few extra lines of codes to their iOS app to increase the security level. iOS SDK gives a developer a list data protection APIs for protecting documents, database, and other sensitive files that consist of confidential information about your users. I would love to try my hands on a better Mailbox iOS app, that is more secure. Until then I have deleted my accounts from Mailbox."
We have reached out to Mailbox for comment and will update when it replies.
More From Business Insider