A new security vulnerability has been discovered on the official Skype application for Android that potentially allows malicious apps to steal personal data.
Exposed by the hawk-eyed Android Police, the hack involves snooping into various sensitive files that have been left unprotected in a Skype directory that also happens to be named with your username.
Justin Case of Android Police, who unearthed the hole, said: “Inside the Skype data directory is a folder with the same name as your Skype username, and it’s here where Skype stores your contacts, your profile, your instant message logs, and more in a number of sqlite3 databases.
“Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted.”
Skype has already told Android Police that it is looking into the matter. The VOIP giant will be glad it was saved an embarrassing, if not hugely damaging, situation had it not been found by someone with less than noble intentions.
For those who are currently using Skype on their Android smarties, unless you have nothing to hide from the world, it would be advisable to uninstall the app and delete any cached data just to stay on the safe side until Skype has issued a patch to fix the problem.