Privacy flaw in Skype Android app exposed

Malicious apps can sneak in and steal your Skype info

Skype "working to protect you" from vulnerability.

Skype has acknowledged a dangerous flaw in its Android app which leaves the private data of its users open to be exploided by malicious apps.

While the app itself hasn't been giving the data up to snoopers, the design of the app leaves a database file unencrypted, leaving things like your username and password, email address, address and phone number exposed.

.relatedLinksLeft { font-size:12px; width:300px; margin:12px 12px 12px 0; float:left; padding:0px 0px 10px 0px; background:#ececec; } h3.rlTitle {margin:0px; display:block; padding:5px 0 4px 15px !important; background:#ddd; }

If a user has a malicious app installed on their Android phone then those details can be pilfered and sent back to the shady individual in question.

In a brief blog post, Skype has said it is "working to protect you from this vulnerability."

The flaw was discovered by the super sleuths at AndroidPolice.com who posted the following information:

"The most interesting file one can gain access to is main.db. The accounts table in this database holds information such as account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, your webpage, your bio, and more.


"The Contacts table holds similar information, but on friends, family and anyone else in your contact list (that is, more than Skype exposes on other users publicly). Moving further along, looking into the Chats table, we can see your instant messages – and that's just the tip of it. Scary.


"This means that a rogue developer could modify an existing application…, distribute that application on the Market, and just watch as all that private user information pours in. While the exploit can't steal your credit card info, the data it's harvesting is still clearly very private (chat logs linked back to your real name, address, and phone number)."

Link: AndroidPolice