outlook android v2.2.52 has spyware???

  • Question

  • I am testing an Exchange 2016 setup, using a domain that is not being used, and I monitor the DNS servers. What I see is that the DNS requests are not coming from my IP but from these:


    02-Dec-2018 18:09:44.477 queries: info: client 23.103.131.173#5300: view external-view: query: _autodiscover._tcp.xxxxxxxx.xxx IN SRV - (x.x.x.x)
    02-Dec-2018 18:09:44.479 queries: info: client 23.103.131.174#45896: view external-view: query: xxxxxx.xxxxxx.xx IN A - (x.x.x.x)
    02-Dec-2018 18:09:44.557 queries: info: client 13.74.8.17#61985: view external-view: query: xxxxxx.xxxxxx.xx IN AAAA -ED (x.x.x.x)
    02-Dec-2018 18:09:44.570 queries: info: client 13.74.8.17#62234: view external-view: query: xxxxxx.xxxxxx.xx IN A -ED (x.x.x.x)


    Is this even allowed with new European GDPR legislation??
    Sunday, December 2, 2018 5:18 PM

All replies

  • Why not? What part would be in conflict with GDPR according to you?

    The queries are being proxied through Microsoft servers and the IP addresses are within Europe (Hamburg and Dublin).

    It's also perfectly documented within their Privacy Policy. There is even a special section about the Outlook app;
    https://privacy.microsoft.com/en-us/privacystatement#mainoutlookmodule



    Robert Sparnaaij [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

    Sunday, December 2, 2018 7:46 PM
  • Why not? What part would be in conflict with GDPR according to you?


    Because it is normal not to do this.

    Maybe you understand it better if I use this analogy:

    Is it common for you to use a proxy (let's say your neighbour) sleeping with your wife?

    If you flag this post, I take it you agree with me.

    Sunday, December 2, 2018 9:17 PM
  • That analogy doesn't make any sense, and it is not just because of your grammar and spelling errors.

    You are using cloud based features within a client. As neither the client itself nor your own server offers these features, how do you think those features should be processed without proxying it through said cloud provider? This type of proxying and access delegation is perfectly normal for many rich/modern apps and services (especially AI) which add features or information to existing or static information and data.

    And again, it is clearly stated within the Privacy Policy that this is being done and also which personal information is stored within the service, so it all complies with GDPR. If you don't (or your company doesn't) agree with this policy, then don't use the app; You are free to choose.



    Robert Sparnaaij [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

    Sunday, December 2, 2018 10:43 PM
  • That analogy doesn't make any sense, and it is not just because of your grammar and spelling errors.

    The analogy is good, I had to choose something more understandable to you. With all your points here, I can only assume you have taken the 'red pill' and are totally indoctrinated by the 'Microsoft monopoly'.

    You are using cloud based features within a client.

    No, I am testing with a hosted Exchange environment (locally, and with restricted internet access). If Outlook is working on macOS and Windows 10, I expected it also to work on Android. It is not my fault Microsoft is trying to mix this with other cloud services.

    or your company doesn't) agree with this policy, then don't use the app; You are free to choose.

    I am not free to choose, because Microsoft has been frustrating open source initiatives dating back to HP OpenMail and Scalix, resulting in the current-day monopoly (with limited choice). And FYI, your holy bible the Microsoft license agreement: it really doesn't matter what is written there, if it is against the law it is against the law. A perfect example is how Apple tried to limit their warranty to one year, which has been overruled by European legislation, to multiple years for their products. There is no technical need for bypassing someone's DNS settings. Thus it is just for data harvesting.
    Monday, December 3, 2018 9:22 AM
  • It is not my fault microsoft is trying to mix this with other cloud services.

    So that is actually what you are against; That there is no option to turn the Outlook App back into a "dumb" app without all the Cloud/AI features. You can submit that as a feature request via UserVoice but in this case, I'd rate the chance of it being implemented quite low.

    In that case, the Outlook App isn't a match for your organization but there are many mail clients out there (including most of the native Mail apps on Android) which support EAS and can make a direct connection to your Exchange server. When compared to the Outlook app, you'd of course be missing several features.

    or your company doesn't) agree with this policy, then don't use the app; You are free to choose.

    I am not free to choose, because Microsoft has been frustrating open source initiatives dating back to HP OpenMail and Scalix, resulting in the current-day monopoly (with limited choice). And FYI, your holy bible the Microsoft license agreement: it really doesn't matter what is written there, if it is against the law it is against the law. A perfect example is how Apple tried to limit their warranty to one year, which has been overruled by European legislation, to multiple years for their products. There is no technical need for bypassing someone's DNS settings. Thus it is just for data harvesting.

    Again, yes, you are free to choose any client as there are many alternatives out there which also offer EAS, IMAP and POP3 support to connect to your Exchange server so there is no monopoly in this area.

    And also again, your analogy doesn't hold. Of course the law wins from any EULA; That wasn't in question. You still haven't pointed out what exactly is against the GDPR. You only state or assume it is without backing it up with any facts. There is no bypassing of any DNS setting involved here; The cloud service portion of the Outlook app is trying to access your server on behalf of the client and uses the Autodiscover service to locate the server so it queries DNS for its address.

    If you want to work with any simplified analogy at all; It's more like you wanting to use Google Search to search through a specific website instead of the native search offered by the website. That will only work when Google Search can access and index the website. Therefore you'll also see DNS queries coming from Google and HTML traffic for the Googlebot. The website owner is still in control about whether or not to allow this behavior.

    And don't start about any pills again as it will only bring attention to your tinfoil hat.



    Robert Sparnaaij [MVP-Outlook]
    Outlook guides and more: HowTo-Outlook.com
    Outlook Quick Tips: MSOutlook.info

    Monday, December 3, 2018 11:17 AM
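
Added example (not part of the thread or written by any of its participants): a small parser for BIND query-log lines in the layout quoted in the question, which lists the client addresses outside the networks you expect lookups from and shows which of them requested the Autodiscover SRV record. The sample lines, the `EXPECTED_NETS` allowlist and all function names are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# BIND "queries" category line, in the layout shown in the question above.
QUERY_RE = re.compile(
    r"client (?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?"
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)

# Assumption: networks the tester expects lookups from (documentation range).
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample lines (documentation addresses, example.test names).
SAMPLE_LOG = """\
02-Dec-2018 18:09:44.477 queries: info: client 198.51.100.173#5300: view external-view: query: _autodiscover._tcp.example.test IN SRV - (203.0.113.53)
02-Dec-2018 18:09:44.479 queries: info: client 198.51.100.174#45896: view external-view: query: mail.example.test IN A - (203.0.113.53)
02-Dec-2018 18:09:44.557 queries: info: client 198.51.100.17#61985: view external-view: query: mail.example.test IN AAAA -ED (203.0.113.53)
02-Dec-2018 18:10:02.101 queries: info: client 192.0.2.25#40112: view external-view: query: mail.example.test IN A -E (203.0.113.53)
"""

def parse_queries(text):
    """Yield one dict per query line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.groupdict()

def unexpected_sources(text, expected=EXPECTED_NETS):
    """Map each client IP outside `expected` to the sorted (qname, qtype) pairs it asked for."""
    seen = defaultdict(set)
    for q in parse_queries(text):
        addr = ipaddress.ip_address(q["ip"])
        if not any(addr in net for net in expected):
            seen[q["ip"]].add((q["qname"].lower(), q["qtype"]))
    return {ip: sorted(pairs) for ip, pairs in seen.items()}

def autodiscover_clients(text):
    """Client IPs that looked up an Autodiscover SRV record."""
    return sorted({q["ip"] for q in parse_queries(text)
                   if q["qtype"] == "SRV"
                   and q["qname"].lower().startswith("_autodiscover._tcp.")})

if __name__ == "__main__":
    for ip, asked in unexpected_sources(SAMPLE_LOG).items():
        print(ip, asked)
```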