A recently-discovered vulnerability
in Skype's Android app could allow malicious apps access to your personal data. Here's what you need to know about this flaw and how to protect yourself.
The problem with Skype for Android, as was discovered by AndroidPolice.com
, is the way that the app stores your personal data. That data includes everything from your Skype username, contacts, profile, and instant message logs to far more sensitive information, such as your account balance, full name, date of birth, address, phone numbers, e-mail address, your biography, and more. Also at risk is similar data about your contacts.
According to AndroidPolice.com, "Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted." That means that, if you were to unknowingly download a malicious app, it could be used to access all of that information from your phone. Your credit card data is not at risk, but -- as you can see -- plenty of personal information is up for grabs. What Apps are Affected?
AndroidPolice.com found the problem when testing out a leaked version of the new Skype Video app. But they quickly discovered that the same flaw was apparent in the standard version of Skype for Android
, which has been available since October 2010. That means that all of the app's users could be affected. How Can You Protect Yourself? Skype's official response
notes that the company is "working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application."
For now, Skype suggests the following remedy: "To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device."