Yesterday we invited everyone to join us on the Outlook Mobile App Challenge, which seemed like a fun way to put this new ‘universal inbox’ app to the test. Since then some significant security concerns have been identified that make this an app that we cannot recommend using right now. As a result, we’re stopping the challenge immediately.
There are a bunch of articles that discuss the issues, but the one at Tom’s Hardware really lays them out nicely, saying amongst other things:
“What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud! They haven’t asked me. They just scan. So they have in theory full access to my PIM data,” said Winkelmeyer in a blog post.
I have removed the app from my iPhone, iPad, and Galaxy Tab Pro … and suggest everyone else do the same until such a time as these issues are properly addressed.
I just looked at my Gmail user logs and I assume what is the Outlook mail client usage is not using personal credentials, but OAuth, which is very different. Still, it appears that they are downloading your mail and storing it on servers, which does seem very fishy. Unfortunately, once that’s happened, even if you revoke access, the cat is out of the bag, isn’t it? They have full access to all of those messages, even if you do remove the account.
BTW, to revoke access, go here: https://security.google.com/settings/security/permissions?pli=1 and look for “outlook”
I am not sure if it matters or not, but before uninstalling the Outlook app, I uninstalled each account from the app — checking the option to delete all local and server stored info. Thanks for the “revoke access” reminder.
What a bummer; I liked this app on iOS, even if I preferred Gmail on Android. Now it’s back to the Gmail app on both. =P
Thanks for that! I agree that it is perhaps overblown, but for me it just isn’t worth it.