Gmail now supports AMP for Android and iOS

Google is rolling out its dynamic mail feature for Android and iOS. The new update by Gmail allows the users to integrate the interactive dynamic web-like experience with the email without switching to an external browser.

The AMP for emails was launched by Gmail earlier this year on July 2, 2019. The pros of dynamic emails are far more than plenty. For example, dynamic email provides the ease of taking action directly from the email body rather than switching to a different window. May it be RSVP for an event, a survey, or browsing a catalog; everything can be done from the message itself. The feature also keeps every thread up-to-date. So, instead of getting multiple emails for say, when someone mentions you in a comment in Google Docs, you’ll receive a single updated thread in Gmail, which will allow you to take some action against the comment from within the message.

The feature did not fail to impress notable brands at its preview stage as many brands such as, Oyo Rooms, Freshworks, Despegar, Doodle, Ecwid, Nexxt, Freshworks, Redbus, and Pinterest decided to go along with the AMP for Email via support from Gmail. Also, many third-party email products such as SparkPost, Litmus, Twilio Sendgrid, Amazon SES, and Pinpoint have also decided to receive support.

Although a pretty convenient feature, AMP is already in use by other email providers, one of which is Microsoft. During Outlook’s developer preview, Microsoft introduced the AMP support for emails. Russia’s and Yahoo Mail are some other examples of mail providers that already support AMP.

The dynamic feature in Gmail is by default ON, unlike Microsoft, where the feature is by default off. If the user doesn’t want to access the feature, they need to turn it off in Gmail manually.

Gmail product manager, Aakash Sahney said in an interview, “Over the past decade, our web experiences have changed enormously — evolving from static flat content to interactive apps — yet email has largely stayed the same, with static messages that eventually go out of date or are merely a springboard to accomplishing a more complex task. If you want to take action, you usually have to click on a link, open a new tab, and visit another website.”

But there was a twist. We all know that no changes can be introduced without any glitches whatsoever. When the tech giant switched to dynamic mail last July, a vulnerability was found, which made its users vulnerable to phishing and hacks. The flaw was known as XSS or cross-site scripting. Reported by Google Vulnerability Reward Program in August, the flaw allowed hackers to create HTML elements and perform DOM Clobbering.

To add dynamic HTML contents to emails, you need to reference it from JavaScript. This made it easier for an arbitrary JavaScript code to be added in between the code. The vulnerability found in AMP4Email was identified by Michał Bentkowski, Chief Security Researcher at Securitum. Apparently, the id attribute was allowed in tags, which made it possible for a third party to add their own id attributes to elements. This resulted in ‘undefined’ being added to the URL when a certain JS file was loaded.

The bug has since been patched by Gmail, making the new dynamic mail more secure than ever. The new feature will pave the way for marketers to extend the life of their advertisements if used correctly.

Leave a Comment

Your email address will not be published.