by aptwebapps 2100 days ago
I don't see much difference in the distinction between the client software (written by Mimestream, probably with regular updates) having access to your account, which it obviously has to have, and Mimestream having direct access. But IANA security researcher, so salt liberally.

I mostly agree -- it takes a level of trust to provide your credentials to a third party app.

However, there are precautions you can take to minimize the risk of your credentials being used without your authorization with local client software:

1) Requiring multi-factor authentication when credentials are used from a new location/device/IP...

2) A local firewall (like Little Snitch for OS X) that surfaces any unexpected outbound requests.

These obviously won't be much help if you grant some other server permission to access your email.

Tokens are granted to the app running on your Mac, not a service. There's definitely no Mimestream-run service component with access tokens to your account.

One tip - on the Google OAuth sign-in page, you can inspect the URL's query component to see the redirectURL parameter, and you'll see where Google will send the token. In Mimestream's case, it is <long-custom-scheme>:/oauthredirect, which is a custom scheme registered with macOS by the app, so macOS shows you the "Do you want to allow this page to open Mimestream" prompt.

This being said, you are totally correct, when you use any closed-source app like this that you did not build yourself, you are placing trust in the developer, and you are wise to be cautious.

In my opinion, there are still several practical security/privacy downsides to apps that run intermediary services with access to (or copies of) your email:

- A larger attack surface (the intermediary service) for an adversary to take advantage of, and one that is probably less hardened than Gmail.

- A larger bug surface, as the service could potentially accidentally expose your data to another user (and this sort of bug _has_ happened in the past to others).

- Google probably has serious policies/systems in place for preventing a curious (or disgruntled) employee from reading your unencrypted email. Hopefully. That level of sophistication seems less guaranteed from a small company, and it's completely invisible to you as a user.
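The check described in the comment above (reading the redirect parameter off the OAuth sign-in URL to learn where the token will be delivered) can be automated. The script below is an added example, not code from the commenter or from Mimestream; it uses the parameter name Google's OAuth 2.0 authorization endpoint actually expects, `redirect_uri` (the comment calls it redirectURL), and the authorization URL, client ID and custom scheme in it are constructed placeholders. It classifies the redirect target as a custom app scheme, a loopback address, or a remote web server, which is the distinction that tells you whether a third-party service will ever hold the token.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample authorization URL shaped like a Google OAuth 2.0
# authorization request. The client_id and the custom scheme are placeholders,
# not values belonging to any real application.
SAMPLE_AUTH_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=EXAMPLE-CLIENT-ID.apps.googleusercontent.com"
    "&redirect_uri=com.example.mailclient%3A%2Foauthredirect"
    "&response_type=code"
    "&scope=https%3A%2F%2Fmail.google.com%2F"
    "&state=opaque-state-value"
)

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_redirect(redirect_uri):
    """Describe who receives the authorization response for this redirect_uri."""
    parts = urlsplit(redirect_uri)
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        host = parts.hostname or ""
        if host in LOOPBACK_HOSTS:
            # Token is posted to a listener on this machine (desktop-app pattern).
            return "loopback: handled by a local process on this machine"
        # Token goes to a remote host: some service, not just your app, will hold it.
        return f"web server {host}: a remote service will receive the token"
    if scheme:
        # Custom scheme (e.g. com.example.app:/callback) opens a locally registered
        # app; this is what triggers the macOS "allow this page to open ..." prompt.
        return f"custom URL scheme '{scheme}:': delivered to a locally registered app"
    return "unrecognized redirect target"


def inspect_auth_url(auth_url):
    """Extract the fields a user would want to eyeball on an OAuth sign-in page."""
    query = parse_qs(urlsplit(auth_url).query)
    redirect_uri = query.get("redirect_uri", [""])[0]
    return {
        "client_id": query.get("client_id", [""])[0],
        "redirect_uri": redirect_uri,
        "redirect_kind": classify_redirect(redirect_uri),
        # Scopes show how much of the account the app is asking for.
        "scopes": query.get("scope", [""])[0].split(),
    }


if __name__ == "__main__":
    for key, value in inspect_auth_url(SAMPLE_AUTH_URL).items():
        print(f"{key}: {value}")
```

Paste the URL from the browser address bar on the consent page in place of the sample; a redirect that resolves to a remote web server means the token lands on someone else's infrastructure, whereas a custom scheme or loopback address keeps it on the machine running the client.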