Skype for Android is vulnerable
User data exposed
The Android Police report says user IDs, phone numbers, chat logs, and other data is exposed by the vulnerability.
User data is stored unencrypted in sqlite3 databases, and Skype for Android uses improper permissions for these databases. The user ID is stored in a static location, so once it is read, it allows access to these internal databases.
A rogue application is able to access the Skype databases, getting everything from stored user details through to chat logs. Justin Case, who published the vulnerability, has also published a proof-of-concept exploit. ®
Sponsored: RAID: End of an era?