Microsoft PowerPoint (Android / Google Play)

175x175bb (67)

This application is available for Android. This app is designed to provide presentation processor to manage content of files, organize and store all files in one place online as well as offline via official service Microsoft PowerPoint with integrated service OneDrive. The latest build was released on June 16, 2017. Our latest check was performed on Oct 7th, 2016.

Findings Summary

Our examination revealed total 25 items, where were 8 DAR items and 17 DIT items found. Among DAR items were found 0 worst items, 8 bad items, 0 good items, and 0 best items. Among DIT items were found 1 worst item, 0 bad items, 16 good items, and 0 best items.

Below you find 3 infographics summarizing what we described above. Each image provides information about both DAR and DIT items.

 

 

This slideshow requires JavaScript.


Everything presented below is related to well-known CWEs, such as Sensitive data leakage [CWE-200], Unsafe sensitive data storage [CWE-312], Unsafe sensitive data transmission [CWE-319]. You can read more about it here.

Now let’s go deeper and examine each data item’s protection level.

 

Application Description

Let’s cite the description of this application below:

The PowerPoint app gives you access to the familiar tool you know and use across devices. Quickly access PowerPoint to create, edit, view, present, or share quickly and easily from anywhere. Need to access your most recently used PowerPoint Presentation files quickly while on the go? No problem, PowerPoint provides a quick view of the files you have been working on for easy access on any device. Worried about multiple file versions when you work on PowerPoint mobile? Syncing is seamless across devices. Work with anyone and present to anyone, anywhere with confidence. With PowerPoint, your Office moves with you.
PowerPoint lets you make a lasting impression with a powerful and customizable presentations that let you stand out amongst your peers. Now you can create and present with confidence, from anywhere. Making a delightful and impactful presentation had never been so easy, PowerPoint gives you the ability to edit your presentation and customize it on the go, collaborating with others in real-time.
Present with confidence
Never miss a beat with PowerPoint on the go. You can make new presentations or continue working on previously created presentations. PowerPoint syncs your presentations to OneDrive, you can start a presentation using a desktop copy of PowerPoint and then edit and present using PowerPoint Online. With presentation view on any device make your point heard and present it with confidence, all without firing up your laptop.
Make a lasting impression
A beautifully crafted presentation is always a winner. With the powerful and highly customizable experience in PowerPoint, creating presentations that will make an impression and help you stand out is easier than ever. Now you can do it on any device and easily build a presentation
Working with others made easy
PowerPoint makes it easy for you to collaborate your presentations with others. With 1-click sharing quickly invite others to edit, view, or provide feedback on your presentation slides. Easily manage access permissions and see who’s working in your presentation. Stay on top of changes and feedback from other with integrated comments within the presentation slides. It lets you compare the changes to see how your presentation evolved over time.
REQUIREMENTS

  • OS version: KitKat (4.4.X) or above
  • 1 GB RAM or above

To create or edit documents, sign in with a free Microsoft account on devices with a screen size of 10.1 inches or smaller.
Unlock the full Microsoft Office experience with a qualifying Office 365 subscription (see http://aka.ms/Office365subscriptions) for your phone, tablet, PC and Mac.
Office 365 subscriptions purchased from the app will be charged to your Play Store account and will automatically renew within 24 hours prior to the end of the current subscription period, unless auto-renewal is disabled beforehand. You can manage your subscriptions in your Play Store account settings. A subscription cannot be cancelled during the active subscription period.
Please refer to Microsoft’s EULA for Terms of Service for Office on Android. By installing the app, you agree to these terms and conditions: http://aka.ms/eula

 

Protection levels.

Locally stored data (Data-at-Rest, DAR).

Locally stored data groups include Application Information, Credentials Information, Documents Information, Storage Information.
The average DAR value is 3.63 points (6.75 points of system protection and 0.50 points of own protection). It is higher than a typical value (3.5 points, where’s 7 points of system protection and 0 points of own protection).

Items’ GROUP #1 with average value 3.50 points (7 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, extra data found that shouldn’t be accessed where system protection level means – root/jailbreak is required but not possible without wiping device data, and own protection level means – stored as is.

– Application Events (‘Application Information’ Group) – App events referred to user actions ‘n’ activities were done. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers,

– Credentials (IDs) (‘Credentials Information’ Group) – Only account IDs like app or 3rd party user IDs including emails, phone number, usernames, etc. (depends on apps). This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.,

– Local ‘n’ Network Paths (‘Documents Information’ Group) – Paths about local or networks directories, folders, files. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers,

– Document List (‘Documents Information’ Group) – The list of documents stored local or synchronized over the Internet. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Document Details (‘Documents Information’ Group) – Common info about documents synchronized or stored locally (properties like size, date and time, etc.). This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Credentials (Tokens) (‘Storage Information’ Group) – Different tokens used to get access to your account, except for passwords but including app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on

Items’ GROUP #2 with average value 4.50 points (5 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data available if it’s allowed only and may require user action where system protection level means – stored in temporary folders are cleaning from time to time, and own protection level means – the old algorithm, wrong encryption modes, raw encryption, etc.

– Sync Documents (‘Storage Information’ Group) – Documents synchronized or locally stored on your device as is or converted into another file formats (like.pdf or set of separated jpg file per each .pdf file. This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on

Keep in mind if you’re using some Android devices such Samsung, LG or another device with an unlocked or non-locked loader that allow rooting your device without user action, the system level equals 6 points instead of 7. It means your data can be stolen without involving your actions.

Transferred data (Data-in-Transit, DIT).

Transferred data groups include Analytics ‘n’ Ads Information, Application Information, Credentials Information, Documents Information, Storage Information.
The average DIT value is 4.71 points (5.65 points of system protection and 3.76 points of own protection). It is higher than a typical value (4 points, where’s 4 points of system protection and 4 points of own protection).

Items’ GROUP #1 with average value 5.00 points (6 points of system protection, 4 points of own protection) means data protection levels have following definitions. Frankly talking, data is not available all the time or partially accessed where system protection level means – MITM prevented or fake certificate importing prevented, but plaintext non-protected traffic is intercepted, and own protection level means – bypassed by fake/stolen root certificates.

– Device Data (‘Analytics ‘n’ Ads Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements,

– Application Configs (‘Application Information’ Group) – Different configuration files created by your app, perhaps app permissions. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers,

– Credentials (IDs) (‘Credentials Information’ Group) – Only account IDs like app or 3rd party user IDs including emails, phone number, usernames, etc. (depends on apps). This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.,

– Credentials (Passwords) (‘Credentials Information’ Group) – Well-known passwords or PINs you’re using to get access to your account (usually it is worse than tokens because it gives full access to your account). This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.,

– Credentials (Tokens) (‘Credentials Information’ Group) – Different tokens used to get access to your account, except for passwords but including app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.,

– Device Data (‘Credentials Information’ Group) – Device ID, Device Name, Device OS Name and Version, and jailbroken/root status. This data item related to mentioned group meant to be any types of credentials including basic (IDs only), passwords, tokens, etc.,

– Document List (‘Documents Information’ Group) – The list of documents stored local or synchronized over the Internet. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Local ‘n’ Network Paths (‘Documents Information’ Group) – Paths about local or networks directories, folders, files. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– URLs (‘Documents Information’ Group) – Different types of URLs referred to your files stored in clouds, profiles, social accounts, media files available online, etc. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Document Details (‘Documents Information’ Group) – Common info about documents synchronized or stored locally (properties like size, date and time, etc.). This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Sync Documents (‘Documents Information’ Group) – Documents synchronized or locally stored on your device as is or converted into another file formats (like.pdf or set of separated jpg file per each .pdf file. This data item related to mentioned group meant to be any documents stored locally, uploaded, downloaded, synchronized in any file format,

– Credentials (Tokens) (‘Analytics ‘n’ Ads Information’ Group) – Different tokens used to get access to your account, except for passwords but including app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This data item related to mentioned group meant to be any info related to analytics services like Flurry, Google Analytics, etc. or advertisements,

– Application Events (‘Application Information’ Group) – App events referred to user actions ‘n’ activities were done. This data item related to mentioned group meant to be any info related to the app, app settings, including installed apps or installers,

– Credentials (Passwords) (‘Storage Information’ Group) – Well-known passwords or PINs you’re using to get access to your account (usually it is worse than tokens because it gives full access to your account). This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on,

– Credentials (Tokens) (‘Storage Information’ Group) – Different tokens used to get access to your account, except for passwords but including app or 3rd party tokens, secret keys, etc. (usually give full access to your account). This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on,

– Sync Documents (‘Storage Information’ Group) – Documents synchronized or locally stored on your device as is or converted into another file formats (like.pdf or set of separated jpg file per each .pdf file. This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on

Items’ GROUP #2 with average value 0.00 points (0 points of system protection, 0 points of own protection) means data protection levels have following definitions. Frankly talking, data ‘as is’ and easily accessed (plaintext, no protection at all) where system protection level means – transferred (or supposed to be) ‘as is’ (plaintext) due to jailbreak/root or preinstalled non-trusted firmware, certificates, etc., and own protection level means – transferred as is, perhaps protection mode turns off or doesn’t exist or info reveal eventually.

– Credentials (IDs) (‘Storage Information’ Group) – Only account IDs like app or 3rd party user IDs including emails, phone number, usernames, etc. (depends on apps). This data item related to mentioned group meant to be any information referred to storage like credentials, settings, documents and so on

Keep in mind if you’re using out-of-date Android < 7.0, the system level equals 4 points instead of 6. It means your data can be stolen with a crafted preinstalled certificate on the device or if someone makes you install a certificate. Also, if you’re using out-of-date Android < 5.0, the system level equals 2 points instead of 4. It means your data can be stolen without involving your actions.

Privacy Policy

Full application privacy policy is available here.

You may find privacy policy details proceeding the link above to compare developer’s vision on data protection with our results.