The detectives over at Android Police have found an interesting weakness in Skype for Android. The site has discovered that the popular VoIP chat client stores contact details, conversation logs, and a host of other information in a series of unprotected squlite3 databases. “Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them,” reads the article. “Not only are they accessible, but completely unencrypted.” The vulnerability was initially found in the recently-leaked Skype build for Verizon’s HTC ThunderBolt, but upon further review the current build of the software was also found to have the issue. The article’s author has even provided a proof-of-concept application that can leverage the databases’ weakness. Skype has published an official response saying that the company takes privacy very seriously and is “working quickly to protect users from this vulnerability.” Hit the jump to see a video of the proof-of-concept in action.
Read [Android Police] Read [Skype]