Microsoft launched new Outlook apps for iOS and Android just over a week ago. The new apps are basically a rebranded version of a mail app made by Acompli, a company Microsoft bought in December for a reported $200 million (€176 million).
Access to the apps though was blocked on Friday (6/02/2015) by the Parliament’s IT department, DG ITEC, in order to protect the confidentiality and privacy of its users, according to an email seen by the IDG News Service.
“Please do not install this application, and in case you have already done so for your EP corporate mail, please uninstall it immediately and change your password,” it said.
The apps will send password information to Microsoft without permission and will store emails in a third-party cloud service over which the Parliament has no control, DG ITEC added in a message on the Parliament’s intranet.
Microsoft’s new Outlook app acts as an email inbox for Exchange, Outlook, iCloud, Google and Yahoo mail accounts.
The service retrieves incoming and outgoing messages, calendar data and address book contacts and pushes them securely to the app. Those messages, calendar events, and contacts, along with their associated metadata, “may be temporarily stored and indexed securely both in our servers and locally on the app on your device,” according to Acompli’s privacy policy. Email attachments will also be temporarily stored on its servers.
Email accounts that use Microsoft Exchange require users to provide email login credentials, including username, password, server URL, and server domain, it said, adding that other accounts such as Google Gmail accounts using the OAuth authorisation mechanism do not require to store a password.
Each user’s credentials are double-encrypted using a server per-account unique key and then using a client device unique key, therefore the credentials can only be unlocked by the collaboration of both the server and the app at runtime, according to Acompli’s security page.
It is not just the European Parliament though that thinks this is not secure enough, a number of other organisations have banned the new Outlook app because of how it stores passwords.
The University of Wisconsin for instance announced last week it would start blocking the app as of Monday. The app stores login information in the cloud, which clearly poses a security risk because the cloud service is not overseen by the University, it said in a blog post, adding that other universities are having similar issues.
In the Netherlands, the Delft University of Technology reportedly also started blocking the apps because they store contact data and passwords in the cloud.
A Microsoft spokesman said the app’s security and privacy capabilities, as well as the controls available to IT administrators, meet the company’s thresholds. If customers have concerns though, they can follow guidance on Controlling Device Access on Microsoft TechNet to block the app and continue using the Outlook Web Access (OWA) for iPhone, iPad, and Android apps, he added.
Loek Essers, IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers