What considerations should privacy-minded people take into account to make this decision?
For context, I’m using FairEmail because K-9 doesn’t seem to be able to move to a desired folder multiple emails at a time. K-9 doesn’t use OAuth, so I don’t have a choice to make there.
However, FairEmail does use OAuth. And, when reading about OAuth, it apparently is safer than the alternative. This alternative is either using the main account (with no 2FA) or using an app-specific password (with 2FA activated).
Hearing this, it would be a no-brainer for me to choose the OAuth, but the issue is that Google only lets you do OAuth if the app is downloaded from the Google Play Store and if the account is set up as a phone-wide account. Ouch.
And yet I wonder if the security of OAuth is so much greater that I should forget about the alternative.
This only doesn’t work while you’re in the “Unified Inbox”-view. You could be selecting mails from different accounts, so it can’t really just move mails in bulk. I guess, it could handle that more gracefully, but that’s the reason why they haven’t implemented it in that view.
And, I’m not informed enough about OAuth to have a true opinion, but this feels like the old “X is safer, if you don’t consider $BIGCORP an attack vector”.
And yeah, I’m always cautious with that, since a lot of these opinions come from the US, which don’t have privacy standards to begin with, and will only really have their own intelligence agencies (NSA, CIA, FBI) ruffle through their data, and of course because many US-Americans are a bit too supportive of their regional monopolists.