Skype has repaired a major security bug in its app for Android mobile devices that could have been used to expose users’ private data. The updated version of the app is currently available for download on the Android Market. Once the new version of the app is installed, the problem is fixed, the company says.
“We have had no reported examples of any 3rd party malicious application misusing information from the Skype directory on Android devices and will continue to monitor closely,” writes Skype’s Adrian Asher on the company blog. “Please rest assured that we do take your privacy and security very seriously and we sincerely apologise for any concern this issue may have caused.”
The hole in the Skype for Android app was exposed last week by software developer Justine Case, who first reported the vulnerability on the Android Police smartphone security blog.
Before the fix, the app’s bug allowed malicious third-parties to access a file on the Skype directory that contained vital user data, like name, phone number and chat logs.
Security issues have become an increasingly frequent issue for the mobile industry. Days before the Skype bug was exposed, federal investigators revealed that the Pandora music app had enabled the company to collect and distribute “mass quantities” of users’ private information to advertising firms. And on Wednesday, researchers showed that Apple devices running the iOS 4 operating system secretly records and stores users’ location information without their consent. (Check out our guide to encrypting your iOS devices’ location data here.)
In addition to the security fix, the update to the Skype for Android app now allows users to make calls over their wireless carriers’ 3G network, rather than only being able to do so over a Wi-Fi connection.
To help prevent future security issues, Skype recommends that Android customers only download Skype mobile applications from skype.com, or from the Android Market links provide on the site.
