- Jan 24, 2011
- 9,378
What is being called a vulnerability in the Android version of Skype could simply be written up as sloppy coding at best, or disrespect for your privacy at worst.
Justin Case at Android Police did some poking around when he found a leaked version of the beta version of Skype that will allow video conferencing on Android devices.
He discovered that just about all the information in your Skype profile, except for your credit card number and password, was stored insecurely by the application.
This allows any application on your phone to simply read, or copy that information wherever they like without any special "root" access or other trickery.
Case thought that this must only be the case for this pre-release copy, but to his dismay it is configured the same way in the current production releases of the Skype for Android product (except the Verizon version).
Case created a proof-of-concept application to demonstrate the weakness in Skype's security. His application can show you your name, address, account name, phone numbers and contacts (and their details) all without any special permissions.
Worst yet, information like your instant messaging chat logs are fully available as well. His application doesn't show those, but none of the Skype data stored on Android handsets appears to be encrypted.
More details - link
Justin Case at Android Police did some poking around when he found a leaked version of the beta version of Skype that will allow video conferencing on Android devices.
He discovered that just about all the information in your Skype profile, except for your credit card number and password, was stored insecurely by the application.
This allows any application on your phone to simply read, or copy that information wherever they like without any special "root" access or other trickery.
Case thought that this must only be the case for this pre-release copy, but to his dismay it is configured the same way in the current production releases of the Skype for Android product (except the Verizon version).
Case created a proof-of-concept application to demonstrate the weakness in Skype's security. His application can show you your name, address, account name, phone numbers and contacts (and their details) all without any special permissions.
Worst yet, information like your instant messaging chat logs are fully available as well. His application doesn't show those, but none of the Skype data stored on Android handsets appears to be encrypted.
More details - link
