Microsoft recently acquired the mobile application Acompli and has rebranded it as “Microsoft Outlook” for iOS and Android. This is a concern for staff and faculty at UBC who choose to use the application, because it is not compliant with the Freedom of Information and Protection of Privacy Act (FIPPA) and UBC information security policies and standards.
After analyzing the app, several privacy concerns have been raised, including:
- The app stores a copy of the user’s credentials on servers outside of Canada
- Message content is stored on servers located outside of Canada (FIPPA violation)
- After an account is deleted, Microsoft’s servers continue to attempt to retrieve email
- The app does not enforce ActiveSync security policies (e.g. device passcode requirements, ability to wipe remotely, etc.)
We are currently looking for a way to automatically block the app from accessing FASmail and will block it as soon as possible. If you have already downloaded the app, we recommend that you immediately change your CWL password and delete the Outlook app.