Concern over weak app security has reached the point where the Outlook mobile app has been banned from use! The European Parliament has now blocked the Outlook mobile app for all types of smartphones at various organizations, companies and institutions. It was found that data and user credentials are being stored in the cloud, bypassing a number of security policies. Users were further advised to delete the app from their devices and change their passwords.

Microsoft recently acquired Acompli, on which the Outlook app technology is based. Obviously, this means the app has also inherited much of Acompli's privacy policy and behaviour. When notifications are delivered to a device, email data has to flow through Microsoft servers as well as the company's servers, which means any password or encryption measure becomes useless.

Thus, even educational institutions like the University of Wisconsin have asked for the app to be blocked from use by their students, especially campus leaders, campus IT and those who have been affected. Developer Rene Winkelmeyer discovered the flaw after finding he was still receiving notifications despite deactivating his device. He has urged all firms to block the app from accessing company mail servers until Microsoft rectifies the situation.

What specifically did the University of Wisconsin worry about?

The Outlook mobile app logs in through a cloud service, which is therefore able to access all of the user's information. The app stores the NetID and password in that cloud service. Additionally, it allows users to connect their personal Dropbox, Google Drive and OneDrive accounts, letting them share information with consumer cloud services and open up files on corporate networks, which poses a range of security risks. Also, multiple iOS devices cannot be distinguished due to an issue with ActiveSync, meaning administrators cannot see the difference between an iPhone and an iPad.

Subho Halder, Chief Security Scientist at Appknox, said that businesses and institutions often assume that companies like Microsoft cannot go wrong with such security issues. He added that he has himself discovered threats in applications made by Microsoft, Apple, Adobe, Facebook and many more.

Microsoft makes no claim that devices follow a company's ActiveSync security policies when the app is installed. It is thus each company's own responsibility to take the time to investigate the security of products before using them. This can be done either directly, by raising questions with the app's developers, or through third parties who can investigate the security of products.

If you'd like to know whether the enterprise app you are using is safe, just sign up for a free scan with us and we'll tell you whether you'd be affected.

As for businesses and app developers, mobile app threats are becoming common and are crossing boundaries. So keep your consumers' data safe by making sure your app is secured before you face any attempt to hack it.