Feeds

Skype plugs Android privacy flaw

Less paranoia

Secure remote control for conventional and virtual desktops

Skype has plugged a privacy flaw in the Android version of its VoIP telephony software.

The update plugs a hole that created a possible mechanism for third-party apps to get access to private data (name, phone number, chat logs etc) held on the Skype directory on Android devices.

The security problem was discovered by independent software developer Justin Case and first reported on the Android Police smartphone security blog last weekend.

A rogue app could harvest a treasure trove of sensitive data, without root access or any special permissions, simply because Skype had made the mistake of storing personal data in a openly accessible and unencrypted files.

Skype’s chief information-security officer Adrian Asher acknowledged the flaw while stressing that the mobile telephony outfit has not come across any examples of its misuse by third-party malicious applications, though it would continue to monitor the situation. The firm advised users to download its software from the official Android Market or via Skype's web site, rather than unlicensed channels.

The updated smartphone software - released on Wednesday - also allows US users to piggyback onto 3G networks when making calls over Skype. Previously this facility, which users outside the US would take for granted, was only available from a select set of phones on the Verizon network, relegating other stateside users to Skype calling only when they accessed the service over Wi-Fi networks.

Skype-to-Skype calls and text are free, but there's a fee if you want to call landlines or mobiles outside the service. ®

Intelligent flash storage arrays

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Broadband sellers in the UK are UP TO no good, says Which?
Speedy network claims only apply to 10% of customers
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.