Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Governance, Risk and Compliance, Compliance Management, Privacy, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Outlook Android app leaves emails exposed, security firm finds

A security firm warns that Microsoft's popular Outlook app for Android users lacks needed encryption assurances.

In a Wednesday blog post, Include Security revealed two concerning “app behaviors” impacting the email client. One, an issue where email attachments are stored in a file system accessible to any application or a third party with physical access to the phone; and another, where emails are not stored in a manner that “ensure[s] the confidentiality of messages on the file-system of the mobile device.”

To remediate the issue, Include Security recommended that individuals use Full Disk Encryption for Android and SDcard file systems, and that Android users turn off the “USB debugging” phone setting.

As recently as this month, Microsoft “disagreed that [Include's] concern was a direct responsibility of their software," the blog post revealed. Software solutions firm Seven Networks and Microsoft partnered to develop the Android app.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.