Microsoft's newest email app for iPhones and iPads "breaks" corporate and enterprise security in multiple ways, a developer claims.
The company's Outlook for iOS app, released Thursday, does not "obey the rules of common company security rules," because it takes and stores a user's credentials in its cloud, according to René Winkelmeyer, writing on his blog.
Microsoft released the email management and cloud-based storage access app months after its Acompli buy, which helped the software giant turn the code into a fully-fledged app.
But after digging around in the app's push notifications, he found that his user credentials had been uploaded without the app informing him first.
He claimed that Microsoft could potentially have "full access to my [personal information management] data."
"What I saw was breathtaking," he wrote.
Some commenters on his blog warned that even after deleting the app, their credentials would not be flushed from the cloud.
"All the email and calendar data that was already on the device before I deleted the app was back again," one user said. Another user added: "I went back to check my list of mobile devices and, yup, the 'Outlook' profile had magically reappeared."
Winkelmeyer said users should "block the app from accessing your companies mail servers" until the service is fixed.
We've reached out to Microsoft for comment, but did not immediately hear back.