Apps like Auth are a great fit for Flutter, where desktop support is nice to have. We're also using Flutter for our Photos[1] app, and it has served us well so far. Wherever necessary (cryptography, ML, transcoding, ...), we use a bridge to communicate with the native layer, and Flutter becomes a presentation layer of sorts.

Reg. Gmail marking our verification emails going to spam, we aren't sure what the issue is. We migrated from Zoho to SES recently hoping to fix this, but that has not helped. If anyone here understands email deliverability, please do share your thoughts, we'd be grateful!

We've a migration guide from Authy here[2]. They make it difficult, but it's possible.

[1]: https://ente.io

[2]: https://help.ente.io/auth/migration-guides/authy/

Not an engineer/experienced with email deliverability, but, I _did_ feel something off when I received the Email verification code email (which too was marked as spam by Gmail). Thoughts/observations:

1. The email body is very minimal, which could be a good thing, but, > it did not have the usual trust markers/indicators - no brand logo or name at the top, > a generic envelope/letter icon/image as the largest visual item in the message > just a single "Use this code to verify your email address" line in the message body (except the "ente.io" link at the footer)

2. I did a quick comparison between the Ente verification code emails and some recent verification code emails from other products (Backblaze, Google, Instagram, IBM Security..) > none of them were as barebones/non-descript like the Ente emails. > They had descriptive text that provided a bit of context ("you recently signed up for an account at XYZ with PQR email address, and this code is required to...") > They had the brand identity (Name / Logo) prominently somewhere in the beginning of the message > AND most of them had the company name, registered address, and contact details in the footer. (Adds accountbility/trust?). Some even had links to privacy and support pages.

3. I believe you must have already explored the BIMI, VMC route for the "gmail blue tick".

BIMI + VMC seems like an expensive workaround, we'll first experiment with your first two recommendations. We'll also have to figure out a way to reset the score with Gmail. Hopefully they haven't penalized the whole domain, and a new from-address will do it.

Thanks again for taking the time out to share your thoughts, really appreciate it! :)

1. Unlock the bootloader (if not already done) (this will wipe your device)

2. Install Authy on it and log into your Authy account

3. Root your device (I used Magisk https://github.com/topjohnwu/Magisk)

4. Once rooted, you can access the Authy app data and extract the TOTP secrets, then import them into a different app (there's a script to make this easier here https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d..., but you can also just go exploring manually in the root file system and find the Authy storage file)

It was somewhat of a pain in the ass to do this, but Authy really annoyed me with how difficult they make it to migrate off of their bullshit, so it was worth it to me to finally be able to delete their app after extracting the secrets this way.

I'm currently unable to find a straight forward way of getting data out of Authy, will bump up this thread when I do.

I’ve tried the app a few times over the last couple of years and had a dislike of the UI because it did not _feel_ right, like it was slow or something. I can’t say exactly what.

It is almost certainly because it is using flutter rather than native DOM elements.

(I’ve been keeping track of ente but never quite made the jump - not solely due to the UI though!)