K-9 mail fails to encrypt emails by default, even with "Autocrypt mutual mode" enabled
Expected behavior
When sender and recipient have both enabled “Autocrypt mutual mode”, encryption should be enabled by default and the “green lock” symbol should appear when composing messages.
Actual behavior
Encryption is not enabled by default - the “grey struck-through lock” symbol may be shown, but sometimes no lock symbol is shown at all.
Steps to reproduce
- Enable autocrypt mutual mode under Settings > Account Settings > Cryptography > Autocrypt mutual mode
- Compose a new message to a recipient who has also enabled autocrypt mutual mode and with whom you’ve exchanged encrypted mail (or just compose an email to yourself)
- Observe that it does not encrypt by default
Environment
K-9 Mail version: 5.503
Android version: 7.1.2
Account type (IMAP, POP3, WebDAV/Exchange): IMAP
Additional notes
This just further highlights the problems created by the imprudent decision to remove encryption by default and the dubious justifications for doing so.
Consider the issues posed by “non-consensual encryption by default” (as the aforementioned blog post pejoratively and misleadingly calls it):
“Encrypted messages cannot be viewed in all clients and especially web clients, full-text search is typically restricted, and if the user loses access to their keys there might be unintended loss of messages.”
Now compare those to the potentially catastrophic (perhaps even life threatening) consequences of failing to encrypt sensitive information when the user is expecting it to do so by default (or forgets to click the dim, inconspicuous, and easily overlooked grey lock icon) and it should be patently obvious that the consequences of the latter scenario are FAR more severe than the relatively inconsequential “convenience” issues of the former.
If you can only optimize for one, mitigating the latter by enabling encryption by default (thus putting the onus on the user to manually disable it if they don’t want it) should take full precedence over any concerns about convenience. To do differently is to have priorities that are completely disjointed from the realities faced by the vast number of people who elect to use encryption to protect their communications in the first place. It doesn’t just “break the workflows of a couple of users”.
Ideally, both can be satisfied by allowing the user to choose the default behavior that suits them in the settings. But when the setting fails to work, as it did in this case, not encrypting by default means that it fails-deadly.
Please consider this and restore the sensible, fail-safe encryption by default.
Issue Analytics
- State:
- Created 5 years ago
- Reactions: 5
- Comments: 34 (1 by maintainers)
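For reference, the "Expected behavior" in this report corresponds to the encrypt outcome of the UI recommendation algorithm in the Autocrypt Level 1 specification. The sketch below is an added example modelling that algorithm; it is not K-9 Mail code, and the class, function and sample names, the key strings and the handling of an empty recipient list are assumptions made here.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

STALE_AFTER = timedelta(days=35)  # Level 1 staleness window for a peer's key

@dataclass
class Peer:
    """Hypothetical model of the per-peer state Autocrypt Level 1 tracks."""
    prefer_encrypt: str = "nopreference"   # or "mutual"
    public_key: Optional[str] = None       # from the peer's own Autocrypt header
    gossip_key: Optional[str] = None       # learned from Autocrypt-Gossip
    autocrypt_timestamp: Optional[datetime] = None
    last_seen: Optional[datetime] = None

def recommend_peer(own_pref, peer, reply_to_encrypted=False):
    """Per-recipient recommendation: disable, discourage, available or encrypt."""
    if peer is None or (peer.public_key is None and peer.gossip_key is None):
        return "disable"                   # no usable key: encryption impossible
    if peer.public_key is None:
        prelim = "discourage"              # only a gossiped key is known
    elif (peer.last_seen and peer.autocrypt_timestamp
          and peer.last_seen - peer.autocrypt_timestamp > STALE_AFTER):
        prelim = "discourage"              # peer stopped sending Autocrypt headers
    else:
        prelim = "available"
    if reply_to_encrypted:
        return "encrypt"
    if prelim == "available" and own_pref == "mutual" and peer.prefer_encrypt == "mutual":
        return "encrypt"                   # the case this issue reports as failing
    return prelim

def recommend_message(own_pref, peers, reply_to_encrypted=False):
    """Combine the per-recipient results for one outgoing message."""
    recs = [recommend_peer(own_pref, p, reply_to_encrypted) for p in peers]
    if not recs or "disable" in recs:      # empty list: choice made in this sketch
        return "disable"
    if all(r == "encrypt" for r in recs):
        return "encrypt"
    return "discourage" if "discourage" in recs else "available"

# Constructed sample peers (dates and key strings are placeholders).
NOW = datetime(2018, 1, 1)
FRESH_MUTUAL = Peer("mutual", "KEY_A", None, NOW, NOW)
STALE_MUTUAL = Peer("mutual", "KEY_B", None, NOW - timedelta(days=40), NOW)
NO_PREF = Peer("nopreference", "KEY_C", None, NOW, NOW)
```

A client that follows this logic enables encryption by default only when every recipient resolves to encrypt, so one recipient without the mutual preference downgrades the whole message to available.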
Top GitHub Comments
@aryoda, there is currently no option to enforce encryption. I believe @patrickvandijk was suggesting someone could add a checkbox in the options to force encryption as a solution to this issue.
In any case, you may be wasting your time here. The lead dev(s) have made it pretty clear in this blog post that they don’t personally believe encrypting emails automatically is important. And it’s been nearly two years since they crippled the encryption and don’t seem to be in any hurry to fix it.
You may have better luck trying to convince the Librem Mail fork to fix this bug. They seem to have more active recent development and a more responsible attitude towards encryption, so you may get more traction there: https://source.puri.sm/liberty/mail/android
Or you could try implementing the simple checkbox on your own and hope someone merges your pull request.
Termux + Mutt is afaics the only working combination for email encryption on Android. I use it for classical PGP but it supposedly also works with Autocrypt.