[AusNOG] Outlook Mobile (OT)
Philip Loenneker
Philip.Loenneker at tasmanet.com.au
Fri Dec 17 15:01:15 AEDT 2021
Hi Graham,
I don't know if this is still the case, but the original "Outlook" app for mobiles saved your credentials on a server and downloaded to there, then synced it down to your device. I think they did that so they could do things like push notifications when you get an email, which doesn't work if it runs locally and the app isn't allowed to run in the background. That was before Microsoft bought the app, but I haven't looked at it at all since then.
Where I was working at the time, we were justifiably concerned by this "feature", advised everybody to not use it, and blocked it from working on the corporate Internet service.
It is possible that it operates differently now, but from what you described, it sounds like they still do the same thing.
This rather old blog post discusses some of the security concerns, but it's from 2015 and may be completely irrelevant now.
https://4sysops.com/archives/is-microsofts-outlook-app-for-ios-and-android-insecure/
Regards,
Philip Loenneker | Senior Network Engineer
TasmaNet | Vastnet | Netmode
-----Original Message-----
From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Graham Maltby
Sent: Friday, 17 December 2021 2:35 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] Outlook Mobile (OT)
Importance: Low
Afternoon all,
While attempting to sort out some autodiscover / activesync processes last night, I installed Outlook on my mobile (current Android version from the Play Store). Set up an account and logged in.
To my dismay, I find my phone is not connecting over the LAN to the server 4m away but instead a server in Seoul, South Korea is connecting and downloading my mail instead. Aside from the woeful performance, it raises a lot of concerns with privacy, security and data sovereignty.
The most annoying part (if that was not sufficient), is that 14 hours after deleting the account from "all devices" and uninstalling the app, the server is still logging in and collecting mail now (or was until I changed the password).
Is this common knowledge I have just missed all these years?
Is there a reason the media are not making noise about this?
Does nobody care because it's pretty?
I have very low expectations when it comes to Microsoft but this is poor by any measure.
Graham