Skype for Android Security Flaw: What You Need to Know
By Liane Cassavoy
A recently-discovered vulnerability in Skype’s Android app could allow malicious apps access to your personal data. Here’s what you need to know about this flaw and how to protect yourself.
What’s the Problem?
The problem with Skype for Android, as was discovered by AndroidPolice.com, is the way that the app stores your personal data. That data includes everything from your Skype username, contacts, profile, and instant message logs to far more sensitive information, such as your account balance, full name, date of birth, address, phone numbers, e-mail address, your biography, and more. Also at risk is similar data about your contacts.
According to AndroidPolice.com, “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted.”
That means that, if you were to unknowingly download a malicious app, it could be used to access all of that information from your phone. Your credit card data is not at risk, but — as you can see — plenty of personal information is up for grabs.
What Apps are Affected?
AndroidPolice.com found the problem when testing out a leaked version of the new Skype Video app. But they quickly discovered that the same flaw was apparent in the standard version of Skype for Android, which has been available since October 2010. That means that all of the app’s users could be affected.
How Can You Protect Yourself?
Skype’s official response notes that the company is “working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application.”
For now, Skype suggests the following remedy: “To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device.”
The question is, of course, how do you know which apps are malicious, and which ones aren’t? It’s not always easy to tell — something many users discovered last month when dozens of malicious apps were pulled from the Android Market.
But there are steps you can take to keep yourself safe. First, you should research each and every app you install on your phone. That means looking into the app itself and its developer, not just reading the user reviews posted in the Android Market.
You also want to check the permissions of any app you’re running on your phone. As soon as you install an app on your Android phone, you’ll see a screen telling you what the app will access — anything from your location to your network communication and phone calls. Don’t just click through this screen: read it carefully and make sure the app in question actually needs all of the data it is accessing. (If you want to check the access of apps that are already installed, you can do so by going into Settings and then selecting Applications on most Android phones.) Do not install or remove any apps that request questionable permissions.