[potatolicious]

Sure, but that's also like saying "car accidents are inevitable, so let's not put on our seat belts".

A basic bit of security, especially one that doesn't put any more load on the user (to have to maintain or set up) is a pretty big no-brainer. Raising the bar for a successful hack is also worth doing when the cost is a single line of code and no effort on the user's part.

[DanBC]

If we're using analogy it's more like telling bicycle riders to use anti-puncture tape. Sure, it'll reduce the chance of getting a puncture but does nothing when they go under a truck.

What's on offer here? 10 minutes extra tamper resistance? For a protocol which is inherently insecure?

[potatolicious]

What's on offer here is the ability to exclude a large class of attackers entirely - script kiddies with a commonly available file explorer tool.

Sure, if you're the CEO of some big company and a skilled attacker really wants at your email, this is only a stopgap - but this is also sufficient to stop less proficient attackers entirely. For most people this is all they need.

> "it's more like telling bicycle riders to use anti-puncture tape."

If anti-puncture tape has literally no downsides whatsoever to the bicycle rider's experience, and costs nothing, then yes. Why wouldn't you have it?

[Blahah]

Actually a small class of attackers - script kiddies with a commonly available file explorer tool and physical access to your phone.

[bjustin]

Email in may not be generally secure but it is still easier to plug a phone into a computer than to access someone's email account without knowing their credentials. 10 minutes could be the difference between someone copying your emails from your lost iPhone and said person being unable to copy anything because you remote wiped your phone.