Microsoft Outlook Android App – Security Blunders

The source site is a bit sketchy, but it appears to be verified. I can understand storing unencrypted data on the shared storage space for throwaway social apps, but for Outlook, this is inexcusable. Microsoft’s response is to suggest people use full-device encryption (something I would also suggest, as lockscreen PINs/codes are not difficult to overcome – but it’s not without its drawbacks). Using Android’s built-in secure app storage space is also an option, but let’s not let common sense get in the way of middle-management. This is either incompetence or devious handicapping, neither of which bodes well.

“We’ve found the following two behaviors of the app:

  • The email Attachments are stored in a file system area that is accessible to any application or to 3rd parties who have physical access to the phone. 
  • The emails themselves are stored on the app-specific filesystem, and the “Pincode” feature of the Outlook.com app only protects the Graphical User Interface, it does nothing to ensure the confidentiality of messages on the filesystem of the mobile device. 

We feel users should be aware of cases like this as they often expect that their phone’s emails are “protected” when using mobile messaging applications.”
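To make the two findings concrete, here is an added sketch (not code from the quoted report or from Microsoft's app) of how an Android mail client could keep attachments in app-private storage and encrypt them with a key held in the Android Keystore, so that confidentiality does not depend on a GUI PIN. The class name `AttachmentStore` and the key alias are hypothetical, and the Keystore AES calls assume API level 23 or later.

```java
import android.content.Context;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper: keeps attachments in app-private storage, encrypted at rest. */
public final class AttachmentStore {
    private static final String KEY_ALIAS = "attachment_key"; // assumed alias

    // Weak pattern described in the quote: shared storage, readable by other apps.
    //   new File(Environment.getExternalStorageDirectory(), "attachments/" + name)

    private static SecretKey getOrCreateKey() throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (ks.containsAlias(KEY_ALIAS)) {
            return (SecretKey) ks.getKey(KEY_ALIAS, null);
        }
        // The key is generated inside the Keystore and is not exportable.
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build());
        return kg.generateKey();
    }

    public static File save(Context ctx, String name, byte[] data)
            throws GeneralSecurityException, IOException {
        // App-private directory: other apps cannot read it on a non-rooted device.
        File dir = new File(ctx.getFilesDir(), "attachments");
        if (!dir.isDirectory() && !dir.mkdirs()) throw new IOException("cannot create " + dir);
        // Strip any path components from the sender-supplied file name.
        File out = new File(dir, new File(name).getName());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, getOrCreateKey()); // Keystore supplies a fresh IV
        byte[] iv = c.getIV();                          // 12 bytes for GCM
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(iv);                              // IV is stored in front of the ciphertext
            fos.write(c.doFinal(data));
        }
        return out;
    }
}
```

Reading a file back means taking the first 12 bytes as the IV and initialising the cipher in decrypt mode with `new GCMParameterSpec(128, iv)`.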
