The folks at Android Police have discovered a vulnerability in Skype for Android that exposes your personal information (contacts, profile, IM logs and other info) in the database files on your phone. The video above demonstrates the vulnerability.The information, they write, is not only accessible but unencrypted, and could allow a rogue developer to modify an app and harvest your private data — including your account information that contains your name, date of birth, mobile phone number and more.
Users would have to download another malicious app for this to happen, but it’s a vulnerability still. The writers have contacted Skype, who say they’re investigating this issue.
Just yesterday we noted how Android apps are sending out data without encryption. Here’s another example of the need for better mobile security and awareness.
So, Android users, be vigilant. If you use Skype on Android beware of downloading any additional apps, perhaps, until Skype releases an official statement and/or fix.