The Skype Android app appears to have a big old hole in it that could allow a malicious actor (and we don’t mean Christopher Lee) to access personal data.
Android Police discovered that the Skype Android app has SQLite3 databases which store your information and chat logs and that Skype has not encrypted those files or put structures in place to enforce permissions. Oops!
The bug essentially means a rogue app could slip in and grab your data. Android Police have created an app calle Skypwned which proves the problem is there.
While just asking for basic Android storage and phone permissions, Skypwned is able to grab your full name and phone number and list all your contacts even without your Skype username. Skype is investigating the issue. Let’s hope it plugs that hole sharpish.
Out now | £free | Skype (via Android Police)
