Securing Gmail Notifier

Secure Gmail Notifier using hidden preference setting

I was shocked to discover that the Gmail Notifier, as distributed by Google, defaults to sending your Gmail password over the network in clear text every time it checks your inbox for new mail.

Here’s a very handy tip I came across on MacOSXHints.com this morning. I had no idea that my GMail & GCal password was being sent in clear-text. I’m not too happy about it either. Thankfully, it’s really easy to change Google Notifier to an https connection using the poster’s instructions. If you use the app, I recommend you do the same — pronto.

About Jim Mitchell

Jim started out with a Mac SE/30 and a whole lot of love for that machine. It was during those early years working with PageMaker, Freehand & Photoshop that he learned the importance of keeping a system in tip-top shape. Now, as a systems admin with more than 20 years of experience under his belt, Jim’s ongoing efforts help keep the Macs of others running smoothly. You can follow Jim on Twitter at @jimmitchell.

Comments

  1. James says:

    Thanks for reporting this earlier! I was just about to patch Google Notifier when I noticed this recent comment from tvl, which suggests that the tip’s submitter didn’t do enough research before panicking:

    Actually the writeup isn’t correct. If you look at the traffic, they use https for the login, and use some token in the http request for authorization after the fact (same as what reading gmail via http does). The pref just moves this later traffic over https (just like using https for gmail reading does).
  2. Jim Mitchell says:

    Thanks, James. That totally makes sense. I should’ve clicked through on the article to see if there was any feedback, but was in too much of a rush…