# Android Email Information Leak

When you view a HTML email using Androids standard IMAP client, it loads certain
remote content without warning. This potentially leaks information to the sender
about when a message has been read, and the IP address it was read from.

Images in HTML aren't fetched until you hit the "Show pictures" button, but it
does load remote content from the following two HTML tags as soon as you view
the message, no matter what you do.

```html
<link rel="stylesheet" type="text/css" href="http://tracker.example.com/web-bug?id=xxxxxxxxxx">

<iframe src="http://tracker.example.com/web-bug?id=xxxxxxxxxx"></iframe>
```

I've previously found similar issues in other email clients:

[Apple Mail Privacy Hole](/Apple_Mail_Privacy_Hole) (Fixed for Apple Mail. Not
fixed for iPhone)

[DNS Prefetch Exposure on Thunderbird and
Webmail](/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail) (Fixed in some
webmail clients. Not fixed in Thunderbird)

This bug has been reported to Google