Protect your data from Skype for Android

The Skype for Android app puts your sensitive data at risk, possibly exposing it to other apps without your knowledge or consent. Skype is working on a fix, nevertheless what should you do meanwhile to protect your data?

The Android Police first uncovered the flaw

Justin Case at the Android Police first uncovered the flaw, and developed an app called Skypwned as a proof of concept to demonstrate how sensitive information just as the Android device owner's full name, phone number, email addresses, contacts, and even Skype chat logs can be accessed without even requiring a username.

The potential data breach is not, nevertheless, a result of a flaw or vulnerability per se, however rather poor security configuration by Skype. Randy Abrams, director of technical education for ESET, explains, "Unlike many Android apps that are written to simply take the data, the Skype app exposes data through sloppy programming practices. It is the difference between malice and incompetence."

Skype Security blog post from Friday

In a Skype Security blog post from Friday, Skype acknowledged the issue. The post states, "We take your privacy very in all seriousness and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application."

Skype recommends that users exercise caution in selecting and installing apps on an Android device to avoid installing malicious apps that might take advantage of the holes in Skype to access exposed information. The problem with that guidance, although, is that there is no way for a user to to tell the truth tell if an app might be malicious or attempt to access the exposed data because no suspicious or additional permissions would be required of such an app.

So, what are Android users supposed to do to watch out for issues like this and avoid installing any malicious apps? Geoff Webb, product marketing director for Credant Technologies says that due to a lack of transparency for how information is stored by mobile apps, it is difficult to know whether an application is secure, insecure, or actively attacking your Android device. Webb cautions that businesses in particular should be more careful about allowing devices like these to connect to the network and access sensitive data of any kind, stating, "Until these devices are being managed and secured in for the time being the same way as your corporate laptop or desktop system, the risk to data on them is going to be high."