Posted by: Tony Bradley
Android, expose, personal data, skype
Got Skype on your Android smartphone or tablet? You may want to reconsider. Engadget reports that the Android Skype app fails to encrypt data or enforce permissions–leaving all of your Skype contact info and chat logs exposed.
The Android Police developed an app called Skypwned to demonstrate. The app only requests basic Android permissions when it installs, yet it can access and display your full name, phone number, email addresses, and list your contacts without even asking for a username.
Skype is investigating the issue, but in the meantime I would suggest uninstalling the Skype for Android app. Now that the information is public and the Skypwned proof-of-concept app is out there, it is probably a matter of hours until more apps hit the wire to “test” this flaw out.