outlookandroidIn the connected world of apps, there is no 100% guarantee when it comes to ensuring whatever data that you send out or receive is secure. Having said that, according to security firm Include Security, Microsoft’s Outlook.com app for Android has this vulnerability of exposing user’s data. It looks as though the e-mail attachments which the Outlook.com app stashes away in the file system area of the Android operating system is open to just about “any application or to 3rd parties who have physical access to the phone.”

Apart from that, Include Security also mentioned, “The emails themselves are stored on the app-specific filesystem, and the ‘Pincode’ feature of the Outlook.com app only protects the Graphical User Interface, it does nothing to ensure the confidentiality of messages on the filesystem of the mobile device.”

This particular filesystem issue will only affect those who run on anything before Android 4.4 KitKat – which is a large percentage the last time I checked, so hopefully it will be fixed sooner rather than later. Android 4.4 KitKat is not affected by this potential security flaw because it has forced apps to actually have private folders in the built-in storage area of the Android-powered device.

Microsoft response concerning this particular issue? “Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For people using the Outlook.com app for Android, applications run in sandboxes where the operating system protects customers’ data. Additionally, customers who wish to encrypt their email can go through their phone settings and encrypt the SD card data. Please see Microsoft’s online privacy policy for more information.”

Filed in Cellphones . Tags: Android and outlook. Source: blog.includesecurity
User Comments