Access to the apps though was blocked on Friday by the Parliament’s IT department, DG ITEC, in order to protect the confidentiality and privacy of its users, according to an email seen by the IDG News Service.
“Please do not install this application, and in case you have already done so for your EP corporate mail, please uninstall it immediately and change your password,” it said.
The apps will send password information to Microsoft without permission and will store emails in a third-party cloud service over which the Parliament has no control, DG ITEC added in a message on the Parliament’s intranet.
Microsoft’s new Outlook app basically acts as an email inbox for Exchange, Outlook, iCloud, Google and Yahoo mail accounts.
Email accounts that use Microsoft Exchange require users to provide email login credentials, including username, password, server URL, and server domain, it said, adding that other accounts such as Google Gmail accounts using the OAuth authorization mechanism do not require to store a password.
Each user’s credentials are double-encrypted using a server per-account unique key and then using a client device unique key, therefore the credentials can only be unlocked by the collaboration of both the server and the app at runtime, according to Acompli’s security page.
It’s not just the European Parliament though that thinks this is not secure enough: a number of other organizations have banned the new Outlook app because of how it stores passwords.
A Microsoft spokesman said the app’s security and privacy capabilities, as well as the controls available to IT administrators, meet the company’s thresholds. If customers have concerns though, they can follow guidance on Controlling Device Access on Microsoft TechNet to block the app and continue using the Outlook Web Access (OWA) for iPhone, iPad, and Android apps, he added.