Do not use Readdle's Spark email app

Sun, Apr 3, 2022 2-minute read

I've written before about Readdle's Spark email client, which is popular, highly rated, and a beautifully powerful app. It's also too dangerous to use. I recommend dropping it immediately.

Readdle is a good, reputable company. I respect and appreciate them. However, Spark's design is fatally flawed: to use its advanced features, your email username and password (or token — same thing) have to be stored on their servers so that they can access your email account on your behalf. That's bad under normal circumstances, but astoundingly risky today. Readdle was founded in Ukraine and still has many Ukrainian employees. Russia is currently invading Ukraine, a sovereign country. If Russia manages to do this, they could likely have access to the login credentials of every one of Spark's users. This would be catastrophic. Imagine Russia's security agencies having full access to your work account, being able to use your personal email to reset your banking website's password, or reading every email you've ever sent or received.

Spark isn't the only email app designed this way. I believe it's the most popular, though, and that means its dangerous-by-design architecture is used by a lot of people. This isn't acceptable and it can't be fixed. If you use Spark, I strongly recommend following their instructions to delete all your data off their servers immediately, and then changing the password of every account you'd used it with.

And when you're done, see if their other apps look interesting to you. Risks with Spark aside, Readdle makes delightful software and could use our support right now.