Feeling responsible regarding security for myself but especially to users I suggested your app to. Therefore I have this list I would like to see in a so-called “security” update (hopefully):
1. at least an encrypted email account password if not the whole db (especially on desktop version)
2. default connection method set to “SSL/TLS” instead of “Automatic”
3. missing connection option Authentication method “Encrypted password” (see maybe Thunderbird connect options for other methods)
4. choosable install path (desktop version)
5. give the password stars shown a fixed length regardless of the real length of the password
6. profile name “My name” with hint text: “(if set this is transferred in the headers too)”
7. an “Empty”-button to empty the DeltaChat folder on the server manually (without any logic, only and only for an existing DeltaChat folder, if it does not exist nothing happens)
8. padding (short) messages with random data
9. Make verified contacts more visible (see that post)
This is to protect me and maybe others from occasionally or accidentally leaking secret information.
This single post needs no answers. Each point which is erased or not implemented would make me feel a bit less comfortable regarding security (of the otherwise great app).
But sure anyone can continue with adding points to the list or other questions/discussion regarding encryption/security/privacy.