Apps moving your email password to their own servers without asking, is that OK?
I have been trying some email apps to replace Mail for the POP missing email issue and one thing I noticed is that the notifications are very quick... too quick? I was disturbed to find that several (highly ranked) apps have copied my username & password to their own company servers to provide quicker notifications. They did this without even asking me! Some of these apps say they use OAuth tokens for some account types, but even so, that still means they can still read all of my emails, and the other account types are using a password and that is stored off of my device. I found foreign IP addresses in my email account security logs straight after adding my account to the app.
I now only trust apps that state they don't move your passwords. Why do no apps state they DO move your password in their description, when they do?
I know for sure I don't trust just any company that can put an app on the store, and even if it is a bigger company, do I trust every member of their staff and what about if they get acquired? Who looks after all of my email data? Do they store my emails? How secure is their system?
Why don't they even bother to ask us if this is OK? Is this considered OK with most people or is it just expected behavior these days?