While Skype has become an easy way for users to communicate and keep in touch with one another, a vulnerability discovered in the Android version of the application may have users sharing more than they intend.
Justin Case, a writer for Android Police discovered the hole after poring over a beta version of the program downloaded April 11. By creating an application that crawled the database files created by the Skype program, Case was able to harvest a great deal of data, little of which was protected. This includes the user's profile information, conversation logs, account balance, addresses, and cell phone number.
Case found a similar vulnerability in the latest official version of Android's Skype app, released last fall. Because the files were not given the proper permissions, his program was able to scan the files unimpeded, proving that the same could be done by other, less scrupulous hackers. Fortunately, Case noted, the exploit does not expose users' credit card information.
Skype as already responded to the discovery. We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application, said Chief Information Security Officer Adrian Asher.