Microsoft Outlook Mobile Application - Security Warning

Microsoft recently acquired the mobile application Acompli and has rebranded it as “Microsoft Outlook” for iOS and Android. This is a concern for staff and faculty at Saint Mary’s who choose to use the application, because it is not compliant with the Personal Information International Disclosure Protection Act (PIIDPA).

The main privacy concerns that were identified include:

• The app stores a copy of the user’s credentials on servers outside of Canada
• Message content is stored on servers located outside of Canada (PIIDPA violation)
• After an account is deleted, Microsoft’s servers continue to attempt to retrieve email
• The app does not enforce ActiveSync security policies (e.g. device passcode requirements, ability to wipe remotely, etc.)

If you have already downloaded the app, we recommend that you immediately delete the Outlook app and change your Saint Mary’s S# password. At this time, using the native email application on your mobile device is the only supported (and safe) option.