Almost six months ago, popular Voice over Internet Protocol company Skype unveiled the Skype for Android App. Recently, Android enthusiast blog Android Police discovered a security issue with Skype for Android App that may lead to an open invite for hackers to access user data on the device. According to Android Police, the latest version of Skype for Android stores chats logs and other information on the microSD card un-encrypted.
Until the Android 2.2 Froyo update, all smartphone users had to install their apps on the internal on-board memory of their smartphones. Once the Froyo update was rolled out, users could install and store the apps on the MicroSD card. However, there lies a limitation as developers still get to choose whether the app should be allowed to be installed on the microSD card or not. In case the developer allows the app to be installed and store data on the microSD card, that data is supposed to be strongly encrypted. Else, it's like storing all your passwords and data in a text file on your desktop. It's plain stupidity and an open invite for anyone to steal data from there.
The latest version of Skype for Android lets users install stuff from microSD card and stores all user data such as chat logs and profile information on the card itself. However, the Skype for Android app doesn't apply encryption on that whatever additional information is saved on the external storage. That leaves the personal information of the user exposed to potential hackers.
Skype has confirmed about the issue and is said to be investigating it.
Take a look at the video by Android Police that shows the issue:
0 comments:
Post a Comment