Apple Privacy tags don't tell the whole story with Office

Apple’s new Privacy tags sound like a great idea but they rely on the honesty of app makers (Ha!) The simple labels can cover an enormous amount of privacy intrusion in Microsoft Office and Outlook mobile apps.

The Washington Post is behind a paywall but the ‘general tenor of his spray’ is that each developer is responsible for disclosing the correct Privacy Tags. No-one, not even Apple, checks that the privacy tags are correct and complete for that app.

You’ll be shocked – shocked to learn that some app makers aren’t being fully honest about their Privacy Tags.  (If you aren’t surprised, we have various bridges for sale at reasonable prices).

Geoffrey Fowler compared some App Privacy labels against what data they really shared.  Apps that declared no data shared were really “data vampires, probing our phones to help target ads or sell information about us to data firms and even governments.”.

Microsoft Office apps and Privacy labels

What about the Microsoft Office apps?  What do they disclose in their Privacy Labels and are they accurate?

Well … yes and no.

The Word app is typical of the Office mobile apps:

Some are understandable.  Obviously Word, Excel, PowerPoint and the Office ‘all in one’ app need access to ‘User Content’. ‘Contacts’ for sharing docs with people. 

For some other data types it’s not obvious why Microsoft needs the data to make the Office apps work. 

Why does Microsoft need to know a users location when using Word?  Identifiers and Contact Info (aside from Microsoft 365 login) would seem excessive.  Diagnostics and Usage Data should be optional.

It seems that Microsoft, like many companies, just grab as much customer data as they can lay their hands on.   They can use the private info themselves or aggregate it and sell to others.

Outlook app Privacy Labels

What about the Outlook app that Microsoft promotes heavily.  The same privacy labels show up but they don’t tell the whole story.

The Outlook mobile app is a dreadful privacy lapse that’s not covered specifically by Apple’s Privacy Labels.

Most mail programs (including Outlook for Windows/Mac) connect directly to each mail host.  If you have Gmail, desktop Outlook will use your name/password to connect to Google’s servers.  Same with any other mailbox – Outlook Win/Mac links straight to the mailbox and exchanges mail.

NOT with Outlook mobile app.  It works very differently.  All mail and data traffic goes through Microsoft’s servers, even for non-Microsoft mailboxes.   That means your login details are saved on Microsoft servers. All your mail, calendar and contacts get routed through Microsoft too.  The data is secure ‘in transit’ but can be read ‘in the clear’ on Microsoft’s systems.

Microsoft could be compelled to copy your Outlook data to government agencies or law enforcement.

Presumably all that is covered by the simple ‘User Content’ Privacy label.  But those two words don’t begin to cover the deep intrusion by Microsoft with their Outlook mobile app. / Hotmail mailbox size shock and how to fix it
All mailbox limits (& how to find yours) in and Microsoft hosting
How to get ‘Plus’ email addresses, the new feature in Microsoft 365 and
Microsoft clarifies cloud service privacy, is it enough?