Heads up on a recently revealed vulnerability in the popular Skype app for Android. While the app itself hasn’t been exposing anyone’s personal information, various rogue Android apps could theoretically exploit a weakness in how Skype handles things like your username, phone number, e-mail address, chat logs and more.
Apparently the Skype app houses several files containing a user’s personal information unencrypted and unprotected. These files are stored in a static location that can be accessed by a separate app programmed to grab the unprotected files. The vulnerability was discovered by AndroidPolice.com (fitting, no?), who says the following:
“The most interesting file one can gain access to is main.db. The accounts table in this database holds information such as account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, your webpage, your bio, and more.
The Contacts table holds similar information, but on friends, family and anyone else in your contact list (that is, more than Skype exposes on other users publicly). Moving further along, looking into the Chats table, we can see your instant messages – and that’s just the tip of it. Scary.
This means that a rogue developer could modify an existing application…, distribute that application on the Market, and just watch as all that private user information pours in. While the exploit can’t steal your credit card info, the data it’s harvesting is still clearly very private (chat logs linked back to your real name, address, and phone number).”
So you’d need to inadvertently download a separate malicious app from the Android Market that had been coded to steal all this information—hopefully the odds that you’ve done that recently are slim to none.
Skype has published a short blog post acknowledging the issue, saying they’re “working quickly to protect you from this vulnerability.”