Microsoft Outlook for Android leaves emails exposed

By on
Microsoft Outlook for Android leaves emails exposed

A security firm warns that Microsoft's popular Outlook app for Android lacks necessary encryption assurances.

In a Wednesday (US time) blog post, Include Security revealed two concerning “app behaviors” impacting the email client.

One, an issue where email attachments are stored in a file system accessible to any application or a third party with physical access to the phone; and another, where emails are not stored in a manner that “ensure[s] the confidentiality of messages on the file system of the mobile device”.

To remediate the issue, Include Security recommended that individuals use Full Disk Encryption for Android and SDcard file systems, and that Android users turn off the “USB debugging” phone setting.

As recently as this month, Microsoft “disagreed that [Include's] concern was a direct responsibility of their software", the blog post revealed. Software solutions firm Seven Networks and Microsoft partnered to develop the Android app.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?