Skype for Android security flaw: What you need to know

A recently discovered flaw allows the popular VoIP app to expose your personal data to malicious apps.

A recently-discovered vulnerability in Skype's Android app could allow malicious apps access to your personal data. Here's what you need to know about this flaw and how to protect yourself.

What's the Problem?

The problem with Skype for Android, as was discovered by, is the way that the app stores your personal data. That data includes everything from your Skype username, contacts, profile, and instant message logs to far more sensitive information, such as your account balance, full name, date of birth, address, phone numbers, e-mail address, your biography, and more. Also at risk is similar data about your contacts.


According to, "Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted."

That means that, if you were to unknowingly download a malicious app, it could be used to access all of that information from your phone. Your credit card data is not at risk, but -- as you can see -- plenty of personal information is up for grabs.

What Apps are Affected? found the problem when testing out a leaked version of the new Skype Video app. But they quickly discovered that the same flaw was apparent in the standard version of Skype for Android, which has been available since October 2010. That means that all of the app's users could be affected.

How Can You Protect Yourself?

Skype's official response notes that the company is "working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application."

For now, Skype suggests the following remedy: "To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device."

The question is, of course, how do you know which apps are malicious, and which ones aren't? It's not always easy to tell -- something many users discovered last month when dozens of malicious apps were pulled from the Android Market.

But there are steps you can take to keep yourself safe. First, you should research each and every app you install on your phone. That means looking into the app itself and its developer, not just reading the user reviews posted in the Android Market.

You also want to check the permissions of any app you're running on your phone. As soon as you install an app on your Android phone, you'll see a screen telling you what the app will access -- anything from your location to your network communication and phone calls. Don't just click through this screen: read it carefully and make sure the app in question actually needs all of the data it is accessing. (If you want to check the access of apps that are already installed, you can do so by going into Settings and then selecting Applications on most Android phones.) Do not install or remove any apps that request questionable permissions.

You may also want to consider installing a mobile security app, like Lookout Mobile Security, on your smartphone.

These tips will do more than just protect you from this recently-discovered Skype flaw; they offer some of the best ways to keep your Android phone safe at all times.

Join the CSO newsletter!

Error: Please check your email address.

Tags wireless technologytelecommunicationvoipsecurityhardware security componentsmobile securityPhonesAndroidwireless securityconsumer electronicsskype

More about etworkGoogleSkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liane Cassavoy

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts