Skype for Android is vulnerable

User data exposed

According to a post at Android Police, confirmed by Skype, the Android version of the popular VoIP app exposes extensive user data.

The Android Police report says user IDs, phone numbers, chat logs, and other data is exposed by the vulnerability.

User data is stored unencrypted in sqlite3 databases, and Skype for Android uses improper permissions for these databases. The user ID is stored in a static location, so once it is read, it allows access to these internal databases.

A rogue application is able to access the Skype databases, getting everything from stored user details through to chat logs. Justin Case, who published the vulnerability, has also published a proof-of-concept exploit. ®

Sponsored: 10 ways wire data helps conquer IT complexity