...
The app needs to retrieve the server's private S/MIME and/or PGP keys in order to decrypt or sign emails. The private keys are read from a password protected keystore. In order to retrieve the server's private S/MIME and/or PGP keys from the keystore, the app must use a password. The apps stores an encrypted version of the password in the system properties of the platform application. The platform application usually stores these properties in a database.
Since encrypted Encrypted passwords should not be considered 100% securenot more than disguised to protect them from inadvertently getting disclosed. To properly protect the passwords, access to the database used for database must be limited to the platform application should be protected accordingly.
Email storage
The app encrypts all emails on the fly, meaning that emails are not stored by the app, neither encrypted nor unencrypted.
...