Microsoft Outlook App Security Alert

Microsoft recently acquired the mobile application Acompli and has rebranded it as “Microsoft Outlook” for iOS and Android. This is a concern for staff and faculty at UBC who choose to use the application, because it is not compliant with the Freedom of Information and Protection of Privacy Act (FIPPA) as well as UBC information security policies and standards.

The main privacy concerns that were identified include:

• The app stores a copy of the user’s credentials on servers outside of Canada
• Message content is stored on servers located outside of Canada (FIPPA violation)
• After an account is deleted, Microsoft’s servers continue to attempt to retrieve email
• The app does not enforce ActiveSync security policies (e.g. device passcode requirements, ability to wipe remotely, etc.)

We are currently looking for a way to automatically block the app from accessing Faculty & Staff Email (FASmail) and will block it as soon as possible.  After it is blocked, if you try to access your FASmail account through the Microsoft Outlook App you will not be able to sign in and you will receive an email notice that the connection from Microsoft Outlook for iOS or Android has been blocked due to security policies.

We are currently reviewing other email applications to determine any other privacy or security concerns. For updated information on the Microsoft Outlook App block, please visit the FASMail Privacy Concerns webpage.

If you have already downloaded the app, we recommend that you immediately change your CWL password and delete the Outlook app. At this time, using the native email application on your mobile device is a safer option.

If you have any questions, please contact the IT Service Centre Help Desk at 604-822-2008 or fill in a Contact Form.