New ask Hacker News story: MS Teams data not encrypted on Android
MS Teams data not encrypted on Android
4 by XiS | 2 comments on Hacker News.
Am I missing something, or is MS Teams data NOT encrypted at rest on Android? This morning I received yet another Teams update on my Android phone. Starting Teams after an update sometimes takes ages, as was the case today. I was presented by a loading screen with a message like "Encrypting your data" (I don't remember the exact phrasing). Because I was annoyed by the wait, I decided to have a quick look around in the Teams data folder to verify this claim. Not before long I stumbled upon a db file databases/SkypeTeams.db and decided to have a look at it. To my surprise this isn't an SQLCipher db or anything, its a plain SQLite db containing all my (unencryped) messages (https://ift.tt/3vMsNLq). Granted, you need root to access these files. But isn't it a bit disingenuous to display messages about encrypting data and making statements like "Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest." on your security compliance page (https://ift.tt/2D74qkx).
4 by XiS | 2 comments on Hacker News.
Am I missing something, or is MS Teams data NOT encrypted at rest on Android? This morning I received yet another Teams update on my Android phone. Starting Teams after an update sometimes takes ages, as was the case today. I was presented by a loading screen with a message like "Encrypting your data" (I don't remember the exact phrasing). Because I was annoyed by the wait, I decided to have a quick look around in the Teams data folder to verify this claim. Not before long I stumbled upon a db file databases/SkypeTeams.db and decided to have a look at it. To my surprise this isn't an SQLCipher db or anything, its a plain SQLite db containing all my (unencryped) messages (https://ift.tt/3vMsNLq). Granted, you need root to access these files. But isn't it a bit disingenuous to display messages about encrypting data and making statements like "Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest." on your security compliance page (https://ift.tt/2D74qkx).
Comments
Post a Comment