Skype Vulnerability Exposes Personal Details, Phone Data

Android vulnerabilities are out in the wild and there is one more to add to the list. Skype for Android is potentially vulnerable. So much so, that it exposes personal data to any app asking for it. Data is left out in the wild and the app stores it with improper permissions allowing access from any other rouge app. In short, any other app installed on your phone can steal your personal Skype data without you knowing about it.

The credit for finding this exploit goes to Justin Case from Android Police. He has gone far enough to create a proof of concept app that demonstrates this vulnerability. His exclusive coverage and tests can be found on this post.

You can see the exploit at work in this YouTube video.

Case has also proposed a solution to the problem saying,

First, they can use proper file permissions, second, they should probably implement some type of encryption scheme, and third, they need to have their applications reviewed for security issues prior to release.

Skype is extremely popular for its encryption of voice channels. Though, Skype for Android was taken lightly and this has brought it a lot of bad press. I totally agree with Justin Case and Skype should really consider testing its apps on other platforms for security before releasing them to the public.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.