Skype for Android security flaw: What you need to know

A recently discovered flaw allows the popular VoIP app to expose your personal data to malicious apps.

A recently-discovered vulnerability in Skype's Android app could allow malicious apps access to your personal data. Here's what you need to know about this flaw and how to protect yourself.

What's the Problem?

The problem with Skype for Android, as was discovered by AndroidPolice.com, is the way that the app stores your personal data. That data includes everything from your Skype username, contacts, profile, and instant message logs to far more sensitive information, such as your account balance, full name, date of birth, address, phone numbers, e-mail address, your biography, and more. Also at risk is similar data about your contacts.

Whew.

According to AndroidPolice.com, "Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted."

That means that, if you were to unknowingly download a malicious app, it could be used to access all of that information from your phone. Your credit card data is not at risk, but -- as you can see -- plenty of personal information is up for grabs.

What Apps are Affected?

AndroidPolice.com found the problem when testing out a leaked version of the new Skype Video app. But they quickly discovered that the same flaw was apparent in the standard version of Skype for Android, which has been available since October 2010. That means that all of the app's users could be affected.

How Can You Protect Yourself?

Skype's official response notes that the company is "working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application."

For now, Skype suggests the following remedy: "To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device."

The question is, of course, how do you know which apps are malicious, and which ones aren't? It's not always easy to tell -- something many users discovered last month when dozens of malicious apps were pulled from the Android Market.

But there are steps you can take to keep yourself safe. First, you should research each and every app you install on your phone. That means looking into the app itself and its developer, not just reading the user reviews posted in the Android Market.

You also want to check the permissions of any app you're running on your phone. As soon as you install an app on your Android phone, you'll see a screen telling you what the app will access -- anything from your location to your network communication and phone calls. Don't just click through this screen: read it carefully and make sure the app in question actually needs all of the data it is accessing. (If you want to check the access of apps that are already installed, you can do so by going into Settings and then selecting Applications on most Android phones.) Do not install or remove any apps that request questionable permissions.

You may also want to consider installing a mobile security app, like Lookout Mobile Security, on your smartphone.

These tips will do more than just protect you from this recently-discovered Skype flaw; they offer some of the best ways to keep your Android phone safe at all times.

Join the PC World newsletter!

Error: Please check your email address.

Tags wireless technologytelecommunicationhardware security componentssecurityvoipAndroidPhonesmobile securitywireless securityskypeconsumer electronics

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Liane Cassavoy

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?