Saturday, April 16, 2011

Skype for Android Security Flaw: What You Need to Know

| |

A recently-discovered vulnerability in Skype's Android app could allow malicious apps
access to your personal data.
Here's what you need to know
about this flaw and how to
protect yourself. What's the Problem? The problem with Skype for
Android, as was discovered by AndroidPolice.com, is the way that the app stores your personal data. That data includes
everything from your Skype username, contacts,
profile, and instant message logs to far more
sensitive information, such as your account
balance, full name, date of birth, address, phone
numbers, e-mail address, your biography, and more.

Also at risk is similar data about your
contacts. Whew. According to AndroidPolice.com, "Skype
mistakenly left these files with improper
permissions, allowing anyone or any app to read
them. Not only are they accessible, but
completely unencrypted." That means that, if you were to unknowingly
download a malicious app, it could be used to
access all of that information from your phone.
Your credit card data is not at risk, but -- as you
can see -- plenty of personal information is up for
grabs. What Apps are Affected? AndroidPolice.com found the
problem when testing out a
leaked version of the new Skype
Video app. But they quickly
discovered that the same flaw
was apparent in the standard version of Skype for Android , which has been available since
October 2010. That means that all
of the app's users could be
affected.
How Can You Protect Yourself?
Skype's official response notes that the company is "working quickly to protect you from this
vulnerability, including securing the file
permissions on the Skype for Android
application." For now, Skype suggests the following remedy:
"To protect your personal information, we advise
users to take care in selecting which applications
to download and install onto their device." The question is, of course, how do you know
which apps are malicious, and which ones
aren't? It's not always easy to tell --
something
many users discovered last month when dozens
of malicious apps were pulled from the Android Market. But there are steps you can take to keep yourself
safe. First, you should research each and every
app you install on your phone. That means
looking into the app itself and its developer, not
just reading the user reviews posted in the
Android Market. You also want to check the permissions of any
app you're running on your phone. As soon as
you install an app on your Android phone, you'll
see a screen telling you what the app will access
-- anything from your location to your network
communication and phone calls. Don't just click through this screen: read it carefully and make
sure the app in question actually needs all of the
data it is accessing. (If you want to check the
access of apps that are already installed, you can
do so by going into Settings and then selecting
Applications on most Android phones.) Do not install or remove any apps that request
questionable permissions. You may also want to consider installing a
mobile security app, like Lookout Mobile Security, on your smartphone. These tips will do more than just protect you
from this recently-discovered Skype flaw; they
offer some of the best ways to keep your
Android phone safe at all times.

0 comments:

Post a Comment