Review: PGP Encryption Comes to iOS With Canary Mail

Canary Mail is a new email app for Mac and iPhone that not only gives you tools to manage your inbox, but also brings PGP encryption to the table. Some email apps I’ve used tend to be big on features. Other apps tend to be big on privacy or security. But Canary is able to provide a nice balance of good security and features.

App Features

Canary Mail has plenty of features that lets it compete with other email apps:

  • Natural Language Search
  • Smart Filters
  • Bulk Cleaner: Algorithms that learn which emails are likely to be more important
  • One-tap unsubscribe from newsletters
  • Integrations with third-party apps like Google Drive, Dropbox, Todoist, Things, iCal, Google Calendar, Giphy, Keybase & MIT

Canary Mail works with the email providers you already use. Gmail, iCloud Mail, Office 365, and Yahoo email accounts are all supported. Another feature I thought was handy: read receipts. This lets you know when your email has been opened. You don’t have to wonder if your recipient read your email anymore.

Searching for emails and email attachments using natural language is intuitive. I can type “PDFs from Bob last week” or “emails last month” and the app provides the relevant emails. With the Focused Inbox feature, the app tries to put what it thinks are the most important emails first. Canary also includes what it calls “intelligent typography enhancements [to] ensure optimum readability.”

With the Bulk Cleaner, you can tap on a wand icon. The app’s algorithms then try to find the emails that it thinks are likely to be unimportant. You can perform bulk actions on these like archiving, deleting, or moving to another folder. I find this especially handy when managing emails from multiple accounts.

A feature I haven’t seen in any other email app is email templates. If you routinely provide the same response to emails, you can save it as a template so you don’t have to type it out every time. The integrations with third-party services is nice, but I’ve never sent a GIF from Giphy in an email before, so that personally wasn’t important to me. But you might find it useful.

PGP Encryption

The feature that stood out the most to me, and what Canary markets, is PGP. This stands for Pretty Good Privacy, and it’s an encryption scheme that lets you send and receive encrypted email. It uses several technologies, like symmetric-key cryptography and public-key cryptography to achieve this. When you set it up, you are given what is called a public key and private key.

You share the public key associated with your account with anyone you want. This key is used to encrypt your emails. The private key is kept private and not shared with anyone. This key is used to decrypt emails. If a person wants to send you a PGP-encrypted message, they use your public key to encrypt it. When you receive it, the system uses your private key to decrypt it. Since your public and private keys belong to you, emails encrypted with your public key can only be decrypted with your private key.

Screenshot of the sidebar in Canary Mail app.

Canary manages your keys behind the scenes, so you don’t have to fuss with advanced features if you don’t want to. But if you do, you can get the option to manually manage your keys. If you already have existing PGP keys, you can import them into Canary using iTunes. Key search uses MIT and Keybase keyservers. Canary uses an open-source version of PGP called ObjectivePGP. The app handles key exchange automatically. As long as your email recipients also use PGP, the emails will be end-to-end encrypted.


Screenshot of the email inbox in Canary Mail app.
Main unified inbox

Privacy Policy

Since Canary approached me saying that their app was about privacy and security, I wanted to take a look at its privacy policy. The company has a detailed privacy policy that tells you how your information is collected, and where it is processed. Canary says that it doesn’t store any of your email credentials or information. It connects directly with each email provider.

Some personal data is collected by Google Analytics, HockeyApp, and Apple’s TestFlight (if you signed up for the beta). Data collected include cookies, usage data, email addresses, unique device identifiers, and geographic location. Privacy-conscious individuals should be aware that the majority of data processing, hosting and infrastructure is in the U.S. However, Canary makes it clear that users can find out if their data has been stored:

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.

Screenshot of the PGP options in Canary Mail.
PGP signing methods

The Data Controller and owner is Mailr Tech LLP. Contact at [email protected]. Canary Mail is available for iOS at US$4.99, and macOS at US$9.99.

Update – 10/4/2017

Canary says that it doesn’t collect your email address unless you opt-in to the company’s newsletter. In addition, analytics are collected using anonymized IP addresses. The company even says it plans to let users disable analytics altogether in the next update (it’s currently in beta).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.