A security firm warns that Microsoft's popular Outlook app for Android lacks necessary encryption assurances.
In a Wednesday (US time) blog post, Include Security revealed two concerning “app behaviors” impacting the email client.
One, an issue where email attachments are stored in a file system accessible to any application or a third party with physical access to the phone; and another, where emails are not stored in a manner that “ensure[s] the confidentiality of messages on the file system of the mobile device”.
To remediate the issue, Include Security recommended that individuals use Full Disk Encryption for Android and SDcard file systems, and that Android users turn off the “USB debugging” phone setting.
As recently as this month, Microsoft “disagreed that [Include's] concern was a direct responsibility of their software", the blog post revealed. Software solutions firm Seven Networks and Microsoft partnered to develop the Android app.