It seemed Google (GOOG) was just beginning to recover from its security backlash, after dozens of malware-riddled apps were discovered in the Android Market, and pirated apps have run abound. But a loophole in Skype’s Android app reveals even more security concerns, as the VoIP provider has seemingly left personal data files unprotected. The Skype security flaw gives up access to an Android device user’s Skype name, contacts, profile, message logs, and more. It’s another downturn for Android’s public perception, even as Skype struggles to resolve the issue.
Another security issue uncovered
The potential security breach was uncovered by AndroidPolice, where Justin Case discovered the app’s vulnerabilities while testing a leaked version of Skype Video for his Thunderbolt. Digging into the app itself, he was surprised to see the limited precautions Skype has taken with private user data, failing to employ proper permissions for their protection.
What’s worse, the unguarded data can be tied to other private information, giving up all the goods a hacker would need to do some serious damage. Case writes, “But how do we find this directory from another app if we don’t know the username? Well, Skype stored the username in a static location, we can parse this file, get the username and find the path to Skype’s stored data.”
3 billion apps downloaded from the Market
While Skype has noted it’s working on a solution for these data vulnerabilities, Google’s bragging rights seem a little tarnished as more security issues continue to pop up around its mobile OS. During an earnings call Thursday afternoon, Google noted that more than 3 billion apps have been installed from the Android Market so far, while also confirming the recent stat of 350,000 Android smartphones being activated on a daily basis. That’s a marked 50 percent increase from the previous quarter, and the rate of growth for Android app installs is only likely to increase, as more portals, such as the Amazon Appstore, enter the fold.