The Members Forum

A flaw in Skype for Android could let criminals harvest private information from smartphones, including the user's name and email address, contacts and chat logs, the Internet calling software maker confirmed Friday.

One security researcher called it "sloppy coding" and a "disrespect for your privacy."

Last week, Justin Case, a regular contributor to the Android Police blog, disclosed that Skype on Android does not block access to a number of sensitive data files stored on the handset.

 The files contain a wealth of information about the Skype account and the smartphone's owner, ranging from full name and date of birth to alternate phone numbers and account balance. Also accessible, said Case, are instant chat logs and all Skype contacts.

"Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them," said Case. "Not only are they accessible, but [they're] completely unencrypted."

Case created an Android application that demonstrated retrieving the unsecured data, and warned that hackers could do the same.

"A rogue developer could modify an existing application with code from our proof of concept, distribute that application on the [Android] Market, and just watch as all that private user information pours in," Case said.

Computerworld has the details HERE!