Skype for Android update closes privacy vulnerability
The latest update to Skype for Android addresses a security vulnerability in the app that could have allowed a malicious third-party application to access locally stored files. According to a post on the Skype Security blog by Chief Information Security Officer Adrian Asher, these files include cached profile information and instant messages.
In a later post, Asher notes that Skype has "had no reported examples of any 3rd party malicious application misusing information from the Skype directory on Android devices," adding that the company will continue to monitor the situation closely. All versions prior to 126.96.36.1993 are reportedly affected.
In addition to addressing the above security problem, the update also enables calling over 3G for all users, such as those in the US that were previously prevented from doing so. All users are advised to upgrade to the latest version.
Version 188.8.131.523 of Skype for Android is available to download via the Android Market. Alternatively, existing users can update via the Android Market's built-in app update feature. Skype for Android requires devices running Android 2.1 "Eclair" or later. However, on Samsung Galaxy S devices, it requires Android 2.2 "Froyo" or higher.
- Privacy vulnerability in Skype for Android fixed, a Skype Security blog post.