Skype plugs privacy hole in Android application
VoIP app safe for use after urgent update
By Bob Brown | Network World US | Published: 13:12, 21 April 2011
Less than a week after confirming that a flaw in Skype for Android could leak sensitive user information, the Internet calling company issued an urgent update to fix the problem.
Skype informed customers that "After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version [184.108.40.2063] as soon as possible in order to help protect your information."
Skype says it has had no reported examples of third party apps misusing information from the Skype directory on Android devices, though is keeping an eye on things. The flaw left a user's name, email address, contacts and chat logs exposed.
Related Articles on Techworld
The Android Police blog, which originally revealed the Skype flaw, says the fix works: "Skype has changed the permissions of the databases (which contain the personal information) in question." However, it warned that the update will not "remedy the vulnerability on the leaked video version of the app, so continued use is at your own risk."
And perhaps in an effort to make up for the security shortcoming, Skype has incorporated support for 3G VoIP calling in its updated software.