The European Union Parliament has Outlook for iOS and Android blocked. According to reports they have called on their IT department to block Outlook access to its Exchange servers so that the new Outlook app cannot access the servers.
It is to be noted that the Outlook app for iOS and Android was fairly new from Microsoft after it purchased Accompli and rebranded it Outlook. According to the Accompli Privacy Policies, the users’ login credentials and some other information is stored in cloud and is indexed as well. This clause has created worries over the security that Outlook for iOS and Android can provide.
Besides the login credentials, calendar events, contacts etc are also stored on the cloud, which, according to the EU Parliament, is not safe and hence it has got it blocked. The EU Parliament, in an email, says that it has blocked the access “in order to protect the confidentiality and privacy of its users”. It further asks members to remove Outlook from their devices and change the password immediately.
“Please do not install this application, and in case you have already done so for your EP corporate mail, please uninstall it immediately and change your password,” the email said.
The email and other information on Outlook is stored on a third-party cloud service, which is not under the control of EU Parliament and hence it could be risky for the members and other staff to use the application.
Other than EU Parliament, some other organizations too, have blocked access for Outlook for Android and iOS to their servers. The University of Wisconsin, for example, has also asked their IT people to block Outlook access to their network servers citing the same reasons. Some other academic institutions have also been reported to block Microsoft’s Outlook for iOS and Android after the EU Parliament blocked it.
At the time of writing this article, Microsoft has yet to answer/comment on the alleged flaw. Security experts, meanwhile, have urged organizations not to assume that any application would be automatically be in line with their security guidelines and policies.
The security firm MWR Infosecurity said that Microsoft is not guaranteeing that Outlook will follow the guidelines of their ActiveSync security policy when installed on Android or iOS. It further states that organizations should take time to investigate the security policies of any app they are considering for network usage by contacting third party security agencies or by contacting the developers of the app directly.