A serious privacy vulnerability has been found in Skype for Android. The vulnerability was first found in a leaked beta version of Skype Video but exists in the currently available version as well. Essentially, private information such as profile information, contacts, and instant messages is stored in unprotected squlite3 databases and could easily be stolen by a malicious third-party application.
Skype has acknowledged the vulnerability and is working on a fix: “We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application.”
AndroidPolice.com found the vulnerability and has provided a proof of concept app:
In the meantime, Skype advises “users to take care in selecting which applications to download and install onto their device.”