Android Police has revealed that Skype for Android is vulnerable and exposes user data to a great extent.
This vulnerability has been confirmed by Skype as well.
The website report reveals that due to the vulnerability in the well known VoIP App, information such as user IDs, chat logs, phone numbers, etc. is exposed.
The vulnerability comes from Sqlite3 database that is used to store the user data in an unencrypted format. Skype uses improper permissions to handle these databases.
Further, static locations are used to store the user ID, and so once that location and the user IDs are read, access to the internal databases is not a complicated task.
A malicious application has been implemented as a proof-of-concept towards this vulnerability. The application is able to access the Skype databases through the vulnerability present in the app.
Skype has issued a statement and said that it has come to their notice of a malicious application that is able to exploit the vulnerability and exposes the user related data that is present locally on the Android phone files.
The company has advised its users to stay vigilant and make sure that they do not download and install applications that they are not aware of.
Juniper Networks have expressed grave concern over this vulnerability and advised that the vulnerability might end up revealing sensitive information and through the Skype logs, data that is commonly sent can be gotten hold off.
This latest vulnerability might be an indication towards a much greater issue with Android applications. The improper handling of data logs and the recent outbreaks of Android malware seem to represent much larger security trouble that lies ahead.