Like any responsible software manufacturer who becomes aware of a possible threat to their customers’ data, Skype sent me- and presumably all other registered users of Skype for Android – an email today. It confirms what I reported yesterday regarding the threat only applying if you had installed Skype and a piece of malware. They are also promising to push a patch out ASAP. Here’s what they had to say:
Thank you for downloading and using the Skype for Android software. Unfortunately, it has come to our attention that if you were to install a malicious third-party application onto your Android device, it could access the locally stored Skype for Android files. These files include cached profile information and your instant message chat history.
We take our users’ privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application. This update will be available shortly and as always we urge you to install updates to benefit from our continuous fixes and improvements.
Until the update is released, to protect your personal information, we advise that you as always take care when selecting which applications to download and install onto your device from the Android Marketplace.
For more information see our Security Blog at blogs.skype.com/security or our security section at skype.com/security.
Adrian Asher
Chief Information Security Officer
Skype Information Security
A nice, professional and clear message. So hopefully the opportunistic “Skype is dangerous – installl our VOIP software instead” posts I’ve been seeing will stop now!
Two thumbs up to Skype for the prompt reaction. It would be much better if they adjust Skype Recorder as SuperTinTin in it.