Android security risks with Skype

Always be careful what you download, Android users.

Skype announced on Friday that the user data from its Android app may be vulnerable if its users unsuspectingly installs a ‘malicious’ third party app to their device.

Christina Warren of Mashable reports that just last month, “Google removed 21 apps from the Android Market after the blog Android Police alerted the company that the apps contained malware and were being used to collect user data.

“After removing the apps from the store, Google also invoked a kill switch to remove them from the phones of users who had the misfortune of downloading the junk,” writes Warren.

According to Skype, it became aware just recently that its users info like cached profile information and instant messages may have been accessed from the malicious third party apps. Android police discovered the susceptibility earlier this week.

“On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it. My first impressions of it were positive, it worked and ran smoothly. My next reaction was, you guessed it: let’s take it apart. What I discovered was just how poorly this app stored private user data,” Justin Case of Android Police reported.

Warren further explained the malware’s effect for Skype for Androids:

“This only impacts Skype for Android users who installed malware from the Android Market or from various third-party app stores. Even then, it isn’t certain that this information was accessed. Still, any users who downloaded those apps should change their password, and check their Skype instant messages for sensitive information that could be used to access other accounts.”

Meanwhile, Skype reassured its users that the company already took action to protect its users from this vulnerability, by securing file permissions in Skype for Android so that data would not be accessible from apps that gain root access. Skype also posted a word of precaution for the users: