Skype Plugs Android App Privacy Hole
Less than a week after confirming that a flaw in Skype for Android could leak sensitive user information, the Internet calling company Wednesday issued an urgent update to fix the problem.
Skype informed customers that "After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version [220.127.116.113] as soon as possible in order to help protect your information."
[HISTORY: Smartphone security follies ]
Skype says it has had no reported examples of third-party apps misusing information from the Skype directory on Android devices, though it is keeping an eye on things. The flaw left exposed a user's name, e-mail address, contacts and chat logs.
The Android Police blog, which originally revealed the Skype flaw, says the fix works: "Skype has changed the permissions of the databases (which contain the personal information) in question." However, it warned that the update will not "remedy the vulnerability on the leaked video version of the app, so continued use is at your own risk."
[PRODUCT ROUNDUP: 8 Android apps for IT]
And perhaps in an effort to make up for the security shortcoming, Skype has incorporated support for 3G VoIP calling in its updated software. Previously, calling in the U.S. was mainly available only for Verizon customers or via Wi-Fi.
It's safe to follow Bob on Twitter
Read more about anti-malware in Network World's Anti-malware section.