17 November 2014

Jon Smajda: “Mailbox and Facebook App Links”

Here’s why: Mailbox recently added support for Facebook App Links. What are App Links?

Imagine someone sends you a Pinterest pin in an email. If you have the Pinterest app installed on your phone, just tap the link in Mailbox and it will open in your Pinterest app rather than Safari or Chrome. You get to access information on your mobile device the way you want — and not through the default web view.

How do App Links know how to do this super considerate service? By sending every URL you request to Facebook, which then requests the URL to check for support for App Links. So this is why Facebook was following my one-time login code URL, invalidating the code before Safari could get to it — and, I suppose theoretically, logging into my website in my place. Yikes.

Jon Smajda

I could say that I’m surprised, but I’m not, given Dropbox’s past record with security. While Mailbox announced that App Links support will be disabled in the next version, this should serve as reminder to be wary about letting third parties access your email accounts.

Besides, now that Gmail launched Inbox, offering many of the features of Mailbox without this particular privacy issue, is there any reason for Mailbox to exist?

Post a Comment