Huge Security Hole in Skype for Android

A quick heads up for tonight.

If you use Skype for Android (like myself) then you should probably be made aware of a major security hole that can reveal a significant amount of personal information from Skype, including:

  • Username,
  • E-mail address,
  • Gender,
  • Contact List and their information.

I have included a video sourced from YouTube that shoes the security hole being exploited (

About an hour ago, Skype released the following e-mail to users of Skype to Android warning of the security problem and making people wary if installing suspect applications.

Dear <username>

Thank you for downloading and using the Skype for Android software. Unfortunately, it has come to our attention that if you were to install a malicious third-party application onto your Android device, it could access the locally stored Skype for Android files. These files include cached profile information and your instant message chat history.

We take our users’ privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application. This update will be available shortly and as always we urge you to install updates to benefit from our continuous fixes and improvements.

Until the update is released, to protect your personal information, we advise that you as always take care when selecting which applications to download and install onto your device from the Android Marketplace.

For more information see our Security Blog at blogs.skype.com/security or our security section at skype.com/security.

Adrian Asher
Chief Information Security Officer
Skype Information Security

So be wary of the apps you have installed or will install( particularly if you have rooted your phone) until the update is released which hopefully won’t be too far away.

Leave a Reply

Your email address will not be published.