New Outlook phone app may be insecure

Posted: Thu 19 Feb 2015, 1:39pm.

Microsoft's new Outlook app for the iPhone and Android devices has been shown to store its users' data, including usernames and passwords, in a way that is potentially insecure. Until we can be sure that the University's data is adequately protected, we have decided to block the app from connecting to the staff mail system.

The block will come into force on Tuesday 24 February, preventing the app from communicating with the Exchange mail and calendaring system at Sussex. The measure will also ensure that new users will not be able to add their Sussex accounts.

This change will only affect Sussex data so you will still be able to use the app for other accounts if you wish, although a number of Universities and organisations are taking similar precautions. Microsoft are looking into the issues that have been raised and we hope to be able to restore access soon if they can be resolved.

The Outlook app for iOS and Android, which was launched at the end of January, is based on Acompli, a service that Microsoft purchased in December last year. The app works by saving a user's login details on a cloud storage service, and although the credentials are encrypted, the practice makes accounts more vulnerable. The provider also stores a user's emails and attachments on its servers and examines the contents in order to build search indexes.

If you've been using the Outlook app, simply deleting it from your device is not sufficient to wipe your credentials from the remote servers. The providers recommend that, to completely delete your details, you use the app's settings to remove the account:

iPhone/iPad

  • open the Outlook app
  • select Settings (bottom right)
  • tap on your Sussex account to highlight it and tap Remove Account
  • choose From Device & Remote Data

Android

  • open the Outlook app
  • select Settings from the menu button (top right)
  • tap on your Sussex account and then choose Remove Account from Device and Remote

This should remove all your data from the service, but to be completely safe, we recommend you also change your IT password.
