Update Skype for Android to fix privacy vulnerability issue and get 3G calling

On April 14, Android Police revealed Skype for Android vulnerability issue, which would theoretically allow malicious third-party application to get access to Skype’s profile information and chat logs. The issue was acknowledged by Skype the next day. The vulnerability was caused by Skype using wrong file permissions of the cached profile information and not encrypting profile data. Today Skype announced that the issue has been fixed, so please go to Android Market and update to the latest version. As a bonus, 3G calling is now available in the US.

There are two lessons from this story. For Android developers, the lesson is to be careful with storing user’s private information. For bloggers, Android Police demonstrated how not to publicize vulnerability issues.

Android Police a one of the better Android blogs out there and it is disappointing how they handled this issue. Justin Case, the author of the story, says that Skype was notified, but they didn’t respond. It is unclear how long Android Police waited before publishing the story. Even if no response from Skype was received, maybe more efforts should have been put into trying to get Skype’s attention behind the scenes. And even if publishing the story was the only way to bring attention to the issue, it was irresponsible for Android Police to include full details on how to exploit the issue.

In the comments to his post, Justin Case stated that he believes in full disclosure and thinks it is the only way to get big companies to act. This is not the first time such full disclosures happened at Android Police either: previously, full details of breaking Android License Verification library were published. It is clear that Android Police doesn’t believe in a responsible fault disclosure, which was nicely outlined by Jeremy Ellsworth in the comments. Let’s hope that as Android Police popularity grows, their sense of responsibility grows as well.

Skype logo

0saves
If you enjoyed this post, you can subscribe to the RSS feed or follow via Twitter and Facebook.
This entry was posted in Android, Mobile. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

One Comment

  1. Reanna
    Posted November 29, 2012 at 8:22 pm | Permalink

    I have to get across my gratitude for your kindness giving support to men who should have guidance on your issue. Your very own commitment to passing the message all over was astonishingly effective and have consistently enabled many people much like me to achieve their pursuits. The helpful useful information denotes much a person like me and especially to my office workers. Thanks a ton; from each one of us.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>