back to article Outlook-on-Android alternative 'Nine' leaked Exchange Server creds

Staff logging into Exchange Server through a popular app could have placed their enterprise credentials at risk through a since-closed vulnerability. The Nine app which has clocked up to a million downloads on the Google Play store would shout Microsoft Outlook login credentials over insecure connections thanks to a bug that …

  1. Phil W

    "Attacks are unlikely but should serve as a warning for those using third-party apps to access corporate credentials."

    Third-party apps as opposed to the 'official' Microsoft Outlook for Android app which is actually just a third party app Microsoft bought and rebranded, which in its original incarnation used AWS to store your credentials and a certain amount of your mail. It still does that now, although it uses Microsoft's own cloud services now I believe, it's still holding your data on servers outside of your control and outside of your country potential violating data protection laws depending on where you are based.

    1. Richard 12 Silver badge

      Nice of Microsoft to mention that.

      Oh. Seems they don't.

      Although nobody should be using the Outlook app anyway, because it's terrible.

      1. Phil W

        "Although nobody should be using the Outlook app anyway, because it's terrible."

        Honestly from a usability point of view I don't think it is terrible, particularly for free, as long as you're not concerned about the whole cloud storage thing.

        I was using the official Outlook app quite happily for my personal mail until I bought Nine to use for my work email, because once you've bought it, why not use it for all compatible email accounts.

        1. John 104



          No, its terrible. Nothing so useful as getting a mail notification in your bar only to see that the mail doesn't show up in your inbox when you go to read it. That's when I bought Nine and have been loving it since.

          1. MrT

            Re: Terrible

            I bought Nine earlier this year when Google knacked up the Exchange Services doohickey in Android 6, binning the phone contacts and stopping that well-know third-party email app 'Gmail' from collecting Outlook365 mail. The handset goes on WiFi at work or at home, everywhere else is on 4G (no coffeshops). It is the best mobile email client I've used - the developer seems responsive, the new calendar widget works well, and there's just the Gmail access which Google blocked a while back which stops me merging everything into it.

            It might not be the best choice out there, but I don't often pay for apps like that - it impressed me enough to shell out the $9.99 back when that still meant about £6.50 ;-)

  2. 1Rafayal

    I always used Aqua mail, but I am intrigued by this app.

    Hopefully they will get this sorted, then I can take a look.

    1. Phil W

      It says in the article, they already have

      "could have placed their enterprise credentials at risk through a since-closed vulnerability"

  3. dmacleo

    been using touchdown for years on 'droid devices, has worked well but have not checked to see if they suffer from same issue.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021