Apparently, someone over at Skype didn’t do their homework well when they wrote the apps for the Android devices on the market. Skype for Android reportedly has about 10 million users and the personal information of all of those users is open and available for nefarious and malicious apps to steal. The vulnerability surfaced when the geeks over at Androidpolice took the new Skype Video app apart.
The security flay was found in the new Video app and then an investigation of the normal Skype app revealed the same flaw that stems from improper permissions on key files. The files are open and accessible by a properly written app without having to root the device or get any special permission.
The vulnerable files give the nefarious app access to harvest all of the important personal data of the users of the Skype app. The data that can be accessed includes account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, user’s webpage, user’s bio, and more. Skype is reportedly investigating the flaw right now.
[via Android Community]