Forum Moderators: bakedjake
Names, e-mail addresses, phone numbers, contacts, and chat logs are all reportedly ripe for the picking in Skype's Android app, thanks to a vulnerability that could affect millions of users.
Android Police's Justin Case discovered the vulnerability after downloading a leaked version of Skype Video and poking around. He then found the same exploit in Skype for Android, which has been available since October 2010. Skype Mobile for Verizon is not affected by the vulnerability.
The problem is that Skype keeps the user's profile information in a data directory with improper permissions, and stores the username in a static location. A malicious app, therefore, could parse out this data with a bit of code. Same goes for Skype's table of contacts and chats. The vulnerability doesn't expose passwords or financial information, just a wealth of personal data and private communications.
