Microsoft Office Outlook Mobile App Banned by European Parliament!

Reading time: Reading time 2 minutes

The fear of lack of app security has reached to an extent where Outlook mobile app had to be banned from usage! The European Parliament has now blocked Outlook mobile app for all types of smartphones at various organizations, companies and institutions. It was found that that data and user credentials are being stored in the cloud, bypassing a number of security policies. Users were also further recommended that they delete the app from their device and change their password.

Microsoft recently acquired Accompli on which the Outlook app technology is based. Obviously, this means it has also inherited a lot of its privacy policy and behaviour. When notifications are being delivered to a device, email data has to flow through Microsoft servers as well as the company servers which means any password or encryption measure becomes useless.

Thus, even the educational institutions like the University of Wisconsin have asked to block the apps for usage by their students, especially campus leaders, campus IT and those who have been affected. Developer Rene Winkelmeyer discovered the flaw after finding he was still receiving notifications despite deactivating his device. He has urged all firms to block the app from accessing company mail servers until Microsoft rectifies the situation.

What specific did the University of Wisconsin worry about?

The login method of Outlook mobile app is on cloud service, which totally holds the ability to seek all the information from the users. Outlook mobile app stores the NetID and password in a cloud service. Additionally, it allows users to connect to their personal Dropbox, Google Drive and OneDrive accounts allowing them to share information with consumer cloud services and open up files on corporate networks, posing a range of security risks. Also, multiple iOS devices cannot be distinguished due to an issue with ActiveSync, meaning administrators cannot see the difference between an iPhone and an iPad.

Subho Halder, Chief Security Scientist at Appknox said that often businesses and institutions assume that companies like Microsoft cannot go wrong with such security issues. He added that he has himself discovered threats in applications made by Microsoft, Apple, Adobe, Facebook and many more.

Microsoft doesn't make any claims around the devices to follow their ActiveSync security policies when the app is installed. It is thus the company's responsibility to take time out and investigate the security of products before using them. This could be done either directly by raising questions with the app’s developers, or through third parties who can investigate the security of products.

Recent updates

The problems for Microsoft Outlook didn't seem to end even until recently when it was notified that a hacker was accessing some Outlook accounts since January 2019. The webmail credentials of a support agent were stolen and as a result, the hacker was able to gain unauthorized access to several user accounts between January and March 2019. Microsoft officials reported that the hacker could have gained access to email addresses, email subject lines, and folder names but not the complete details and content of the emails and their attachments.

The number of users impacted by the breach was still not known to the company. The company also had no information about the hackers or what the purpose behind the attack really was. According to Microsoft, the hackers weren't able to gain personal user information or login details. However, as a caution, the company has advised Outlook users to change their passwords.


Well, if you'd like to know if that enterprise app that you are using is safe or not, just sign up for a free scan with us and we'll tell you whether you'd be affected by it or not,

As for businesses and app developers, mobile app threats are becoming common and are crossing boundaries. So, keep your consumer's data safe by making sure your app is secured before you face any attempt to hack.

Published on Feb 13, 2015
Harshit Agarwal
Written by Harshit Agarwal
Harshit Agarwal is the co-founder and CEO of Appknox, a mobile security suite that helps enterprises automate mobile security. Over the last decade, Harshit has worked with 500+ businesses ranging from top financial institutions to Fortune 100 companies, helping them enhance their security measures.
Beyond the tech world, Harshit loves adventure. When he's not busy making sure the digital realm is safe, he's out trekking and exploring new destinations.


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now