Skype admits to security vulnerabilities in Android app


Internet telephony services provider Skype confirmed reports that its application for Android devices contains a flaw that could give criminals access to private user information including names, email addresses, contacts and chat logs. The flaw, first reported by Android Police, grants malicious third-party Android apps access to locally stored Skype user files including cached profile information and instant messages.

"We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application," writes Skype Chief Information Security Officer Adrian Asher on the company's blog. "To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device."

Skype's response did not sit well with data security solutions provider Sophos. "What is being called a vulnerability in the Android version of Skype could simply be written up as sloppy coding at best, or disrespect for your privacy at worst," writes Sophos' Senior Security Advisor Chester Wisniewski on the firm's blog. "How you would implement that advice [to take care in downloading and installing apps] is difficult to know, as an application wishing to steal your Skype information doesn't require special permissions. I think the safest advice is simply to remove Skype from your Android until we can be satisfied that the problems have been resolved."

Earlier this year, Google (NASDAQ:GOOG) pulled a host of free applications from its Android Market storefront following reports that the apps were infected with malware. More than 50 Android apps--credited to developers Kingmall2010, we20090202 and Myournet--are said to contain the DroidDream malware, which seeks to gain root access to the user's device, collecting a range of available data and downloading more malicious code to the smartphone without the consumer's knowledge or consent. Although Android's open-source ethos is credited as a primary catalyst behind the operating system's enormous growth, malware threats underline the challenges inherent in maintaining an open mobile ecosystem.
