Skype on Android Might Be One of the Least Secure Apps on the Planet

The more than 10 million users of the standard Skype app in the Android Market may be leaving their personal information wide open for a potential hacker to easily peruse. According to our friends over at Android Police, Skype is leaving your contacts, profile, instant message logs, and more without encryption or proper permissions. Actually, that isn’t even the tip of the iceberg here. All of your friends’ information, cell phone number, date of birth, etc. can all be exposed without much work by even a novice hacker.

To prove that this information is readily available, AP tossed together a quick app that grabbed everything it asked for from within Skype directories without having root access or any other special permissions. Pretty shocking, right? Oh, this also affects the leaked Skype with video, but for some reason, Skype made sure to lock down the Verizon version.

Skype is apparently looking into the issue, but for now, if you can’t part ways with the app, I’d recommend that you refrain from downloading any odd apps from the market for a couple of days and stick with well-known developers. Basically, I’m saying that this wouldn’t be the time for a late night “Sexy Girls” search in any Android market.

Via:  Android Police
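
As an added example (not code from this post, Skype, or Android Police), the shell script below audits an app data directory for the two conditions described above: files that any other app can read, and databases stored without encryption. The sample tree, its file names and the `--demo` flag are constructed for illustration; the header check assumes SQLite, the storage format named in the comments on this post.

```shell
#!/bin/sh
# Added example, not Skype's or Android Police's code: audit an app data
# directory for files any other UID can read, and flag plaintext SQLite.

# Exit 0 if FILE begins with the unencrypted SQLite 3 header string.
is_plain_sqlite() {
    [ "$(head -c 15 "$1" 2>/dev/null | tr -d '\000')" = "SQLite format 3" ]
}

# Print one "<kind><TAB><path>" line per file whose "other" read bit is set.
# Assumption: parent directories are traversable by other UIDs; if they are
# not, a readable mode alone does not expose the file.
audit_dir() {
    find "$1" -type f -perm -004 | while IFS= read -r f; do
        if is_plain_sqlite "$f"; then kind=plaintext-sqlite; else kind=other; fi
        printf '%s\t%s\n' "$kind" "$f"
    done
}

# Corrected state: owner-only access on every file and directory.
harden_dir() {
    find "$1" -exec chmod go-rwx {} +
}

# Build a constructed sample tree (file names and contents are made up).
make_sample() {
    mkdir -p "$1/files/user1"
    printf 'SQLite format 3\000constructed-rows' > "$1/files/user1/main.db"
    printf '<config/>' > "$1/files/shared.xml"
    printf 'SQLite format 3\000constructed-rows' > "$1/files/private.db"
    chmod 666 "$1/files/user1/main.db"
    chmod 644 "$1/files/shared.xml"
    chmod 600 "$1/files/private.db"
}

# Demo: run as `sh audit.sh --demo`, or pass a directory to audit.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    echo "before:"; audit_dir "$d"
    harden_dir "$d"
    echo "after: $(audit_dir "$d" | wc -l) findings"
    rm -rf "$d"
elif [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

An app that creates its files owner-only in the first place never shows up in this audit; `harden_dir` only illustrates the corrected mode on an existing tree.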

  • Anonymous

    Tell me that at lunchtime, “Sexy Girls” The research is still ok. Please?

  • Swolfdo

    I downloaded the mega upload version and ran it.  It worked fine and was happy until I read all this crap.  If uninstalled, do they still have access to all the info at the time I installed it?  If so I might as well put it back on.

  • chris

    wtf. but can i at least download one of those jiggly boobs apps from the market?

  • Anonymous

    I didn’t download it and will wait for official app to be released – love my TBolt anyways!

  • ShaneBoddie

    I couldn’t get the video to work on my thunderbolt anyway.

  • Fred

    Speaking of which… is it just me or does the Verizon “leaked” skype version with Video just suddenly stopped working right on TBolt? I can connect using the regular skype client just fine, but the video one just FC’s. Note that it was working perfectly fine 2 days ago when it was “released” on droid-life, but now doesn’t seem to get past the login.

  • Anonymous

    “Basically, I’m saying that this wouldn’t be the time for a late night “Sexy Girls” search in any Android market.”

    Well, my Friday evening has officially been ruined. Thanks Kellex.

  • Anonymous

    Here’s a thought…

    Don’t install sketchy apps.

  • Guest

    Please tell me that lunch time “Sexy Girls” searches are still ok. Please!?

    • Khollis33

      just use flash and the browers….not that i would know anything about that

      • Khollis33

        *browser

  • Anonymous

    Even the latest release for video on Bolt?

    • Mrpicolas

      No vzws version is locked down

      • http://twitter.com/TeamAndIRC ✔ Justin Case

        Verizon only version does not work for thunderbolt.

    • http://beerpla.net Artem Russakovskii

      Yes, that’s how this vuln was found in the first place.

  • http://twitter.com/tomabrad Tom

    I wonder what type of data this can get to. Could it get root and screw up the system, or is it only grabbing info from /data/data/com.skype? If it is getting system info, maybe this could be our way to root gingerbread.

    • http://twitter.com/MarkBennett Mark Bennett

      You don’t need root to exploit the Skype app, and it won’t give an attacker root on your system. Basically what happened is that Skype uses an embedded database called sqlite to store all the information about you and your contacts. They forgot to set file permissions that would make this only readable by Skype so any other app can read the db without root. As well, the contents of the db aren’t encrypted so once an app has the file it can just open up the db and access the same information Skype does.

      • http://twitter.com/tomabrad Tom

        Well then there shouldn’t be much of a problem, it takes about 2 minutes to change the permissions on sqlite reading/writing.

    • http://beerpla.net Artem Russakovskii

      Read the original post at AP – all the details are there.

  • http://www.facebook.com/profile.php?id=716789798 Lonnie Kerchief

    Anyone else also still skeptical of this new DX Gingerbread coming from “not the usual” leak source? Lord only knows where it might be phoning home to.

    • Anonymous

      Your local market probably has tin foil on sale today too. :P

  • Anonymous

    Meh. It seems like the Android story lately has been fairly templated:

    “[AppName] has been found to be insecure. [AppDeveloper] is checking into it. Don’t download unknown apps.”

    The story should be: You are safe if you don’t download unknown apps. SO DON’T EVER DO IT.

  • DudelikesDroid

    Firsties Friday!

    • Anonymous

      Partying, partying, YEAH! Partying, partying, YEAH!

      • Anonymous

        You did not just do that…..

        • Anonymous

          I unashamedly went there. And I’ll do it again…

          “Fun, fun, fun, fun. Lookin’ forward to the weekend”

          • Anonymous

            tomorrow is saturday and sunday comes after…………wards!

          • Anonymous

            What have YOU STARTED!…LOL

          • Anonymous

            I started AWESOMENESS!!!!

            Kickin’ in the front seat, Sittin’ in the back seat.
            Gotta make my mind up, Which seat can I take?

            BTW, this is a tech blog, I think?!?

          • Anonymous