Microsoft’s Outlook app for Android exposes e-mails to hacking, reports Include Security
Security research firm, Include Security, has shockingly revealed that Microsoft’s Outlook.com app for Android-based smartphones is prone to exploitation. The fact that it stores email attachments in the file system area of Android OS means these are exposed to any rogue/third party app that has access to users’ smartphones. The issue particularly affects users on versions of Android prior to 4.4 (KitKat).
“This app is described as having been created by Seven Networks in conjunction or in association with Microsoft (i.e., it looks as if it was outsourced),” Include Security was quoted as saying in a blog post. Ondevice email storage has nothing to ensure the privacy of messages and attachments, said the firm. Since emails are stored on the appspecific file system, the PIN code feature of Microsoft’s app can protect only the graphical user interface. Evidently, the PIN code feature of the app cannot ensure the privacy of messages on the file system of the smartphone. “We feel users should be aware of cases like this as they often expect their phone’s emails to be ‘protected’ when using mobile messaging applications,” the firm added.
Microsoft, on its part, has denied any such privacy concerns being a direct result of its own actions. “We use a variety of security technologies and procedures to help protect your personal information from unauthorised access, use or disclosure,” Microsoft was quoted in a statement. “Additionally, customers who wish to encrypt their email can go through their phone settings and encrypt the SD card data,” it added.