Apart from that, Include Security also mentioned, “The emails themselves are stored on the app-specific filesystem, and the ‘Pincode’ feature of the Outlook.com app only protects the Graphical User Interface, it does nothing to ensure the confidentiality of messages on the filesystem of the mobile device.”
This particular filesystem issue will only affect those who run on anything before Android 4.4 KitKat – which is a large percentage the last time I checked, so hopefully it will be fixed sooner rather than later. Android 4.4 KitKat is not affected by this potential security flaw because it has forced apps to actually have private folders in the built-in storage area of the Android-powered device.
Microsoft response concerning this particular issue? “Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For people using the Outlook.com app for Android, applications run in sandboxes where the operating system protects customers’ data. Additionally, customers who wish to encrypt their email can go through their phone settings and encrypt the SD card data. Please see Microsoft’s online privacy policy for more information.”