A security research firm has exposed the Outlook.com Android mobile app does not do anything to_ensure confidentiality of messages and attachments within the phone filesystem itself. The application we’re discussing here is_Outlook.com_free email service’s_mobile client_offered by Microsoft. This app_is described as being created by Seven Networks_in conjunction or in association with Microsoft (i.e. looks like it was outsourced.) The app_allows users to access their Outlook.com email on Android devices. In the course of our research we found that the on-device email storage doesn’t really make any effort to ensure confidentiality of messages and attachments within the phone filesystem itself. After notifying Microsoft (vendor notification timeline is found at the end of this post) they disagreed that our concern was a direct responsibility of their software, in light of similar problems with iOS being deemed a concern by privacy advocates we thought it’d be a good idea to share what we see with the Outlook.com app. Here are the issues they found with the app, We’ve found the following two behaviors...

The rest of the story...
Microsoft News