The Microsoft Outlook apps for Android and iOS have serious security flaws. The free Outlook app "New Outlook" for Windows 10 and 11, which has recently become available, takes over this vulnerability.
The app grants Microsoft cloud services full access to all associated email accounts, regardless of whether they are Exchange or IMAP/POP3 accounts. In the context of Leipzig University, this affects access to the UL Exchange server, the central Server1 and Studserv accounts as well as decentralised mail servers of the institutions. Passwords and contents of email accounts are transferred to Microsoft servers.
To ensure data protection and confidentiality, the use of these apps for work email accounts is not permitted! With the personal user ID and password, you also give away access data to other services of the University Computer Centre, e.g. VPN access, eduroam and other logins. Passing on personal access data is prohibited in accordance with § 3 paragraph (3) point 5 of the ICT user regulations.
If you already use this application for your e-mail, please delete Microsoft Outlook on your mobile device. You should then change your password.
What software can I use instead?
Licensed Outlook versions (2016, 2019, Office 365) and the Outlook Web App (OWA) are not affected by this vulnerability. Various open source mail programmes (e.g. Mozilla Thunderbird) also allow access to IMAP/POP3 accounts and, to a limited extent, to Exchange mailboxes (mail only, no calendars etc.).
Thank you in advance for your understanding and co-operation.