by XiS on 6/24/21, 7:03 AM with 4 comments
This morning I received yet another Teams update on my Android phone. Starting Teams after an update sometimes takes ages, as was the case today. I was presented by a loading screen with a message like "Encrypting your data" (I don't remember the exact phrasing).
Because I was annoyed by the wait, I decided to have a quick look around in the Teams data folder to verify this claim. Not before long I stumbled upon a db file databases/SkypeTeams.db and decided to have a look at it. To my surprise this isn't an SQLCipher db or anything, its a plain SQLite db containing all my (unencryped) messages (https://upload.disroot.org/r/5Uh2dP_c#d3OZUXXQQwHoIgLTD1gM6F9sVnVg8GWdZerWlfY1Xn8=).
Granted, you need root to access these files. But isn't it a bit disingenuous to display messages about encrypting data and making statements like "Teams enforces team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest." on your security compliance page (https://docs.microsoft.com/en-us/microsoftteams/security-compliance-overview).
by smt88 on 6/24/21, 7:17 AM
The loading message about encrypting your data may have been prepping it for transit, not encrypting on your device's storage.
Keep in mind that the most basic security measure on your Android device is to enable encryption for all of your storage across applications, so your data should be encrypted at rest on your end already.
by mattowen_uk on 6/24/21, 7:33 AM