IT Security: problematic mobile application

Microsoft has just announced the release of “Outlook for iOS” and a preview of “Outlook for Android” ^[1], compatible with the majority of devices (smartphones & tablets) running under those operating systems. The application claims to offer an improved user experience and is fully compatible with all the features offered by our official mail service, Microsoft Exchange.

Unfortunately, a technical analysis of the application showed that the user credentials (GASPAR username & password) were stored on servers operated by Microsoft in the US and/or other countries. Moreover, Microsoft servers might download and store a copy of all email/contacts/calendar data. In short, they have complete, unrestricted access to the user’s mailbox.

This is a clear violation of the EPFL security policy and the IT security team has already taken some technical measures to block any connection made from Microsoft to the EPFL email infrastructure. Your cooperation is greatly needed and IT security experts urge you not to install the application on your devices.

If you’ve already installed the app on your smartphone or tablet, please be so kind as to get in touch with the VPSI Service Desk by phone (1234) or by email at [email protected]. The support personnel will help you get rid of the application and help you change your GASPAR password.

^[1]https://play.google.com/store/apps/details?id=com.microsoft.office.outlook et https://itunes.apple.com/app/id951937596