The guys at AndroidPolice have come across a quite serious vulnerability in the Skype for Android app. The hack allows any other application to access a whole lot of personal information like “account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, your webpage, your bio, and more.” That’s a lot! Apparently, Skype forgot to add encryption to the databases that store all this data. Really, Skype, really?
Justin from AndroidPolice went ahead and built an app that shows how the vulnerability is exploited. You can download the app here if you want to understand how the Skype app gives out your info like it’s free candy. Skype already responded saying that it’s investigating the issue. You can probably expect the company to push an update tomorrow. Here’s a video on how the hack is achieved. Meanwhile, stay away from downloading shady apps — at least until Skype fixes this.