First: as the late great Douglas Adams said: “Don’t panic!”
This story, while it is of course true, is being reported in a rather alarmist way in many places. Have a look at this article on Mashable.com for a clear explanation of the very limited number of users at risk. If you want to read a more alarmist version with very little detail, visit TGDaily.
Here is the story: multiple sources are reporting that a security threat has been discovered in Skype for Android by someone calling himself (rather amusingly) Justin Case. I bet… reminds me of a girl I knew in school called Annette Curtin. 🙂
“Inside the Skype data directory is a folder with the same name as your Skype username, and it’s here where Skype stores your contacts, your profile, your instant message logs, and more in a number of sqlite3 databases,” said Mr. Case, posting on the Android Police website.
As the happy owner of an HTC Desire HD on which I often use Skype, I find it rather comforting that there are Android Police out there who are protecting me. This is ethical hacking as it should work… with one small problem. Shouldn’t they have quietly told Skype and let them patch the hole before publicly describing it in detail?
However, this vulnerability can only be exploited if you downloaded a second, malicious app, such as the 21 that Google pulled from the Android store last month. Mashable puts it well:
“To be clear, this only impacts Skype for Android users who installed malware from the Android Market or from various third-party app stores. Even then, it isn’t certain that this information was accessed. Still, any users who downloaded those apps should change their password, and check their Skype instant messages for sensitive information that could be used to access other accounts.”
Also, for some reason this doesn’t affect Verizon phones in the US, presumably because they have some rigid form of lock that prevents such third-party apps from being installed.
Since my Android apps are limited to backup, antivirus, Kindle, Audible, Google Maps and a little thing called Cache Cleaner, I think I’m safe for now. 🙂 But oh, how I wish I could uninstall some of the dozens of pre-installed apps that I never use! – and no, I don’t want to jailbreak it. Actually I think the reason my phone is so slow is that I have over 800 contacts, all with 4-10 data fields. Or maybe the 3500 saved SMS messages… I thought with smartphones you could keep all your stuff and not have to keep erasing old files.
But I digress… back to the Skype security problem. I’ll keep an eye out and post on the blog here when Skype release a patch for this security risk. They must release some kind of Skype Recorder for Android phones as well.