Justin Case writes:
… On April 11, a leaked version of Skype Video hit the web and, having a Thunderbolt, I had to try it. My first impressions of it were positive, it worked and ran smoothly. My next reaction was, you guessed it: let’s take it apart. What I discovered was just how poorly this app stored private user data.
I quickly came up with an exploit, and I was in shock at just how much information I could harvest. Everything was available to the rogue app I created, without the need for root or any special permissions.
Surely, only this leaked beta build was vulnerable, or so I thought. But upon examining the standard version of Skype for Android (which has been available since October 2010) I discovered the same vulnerability – meaning this affects all of the at least 10 million users of the app.
Read more on Android Police. Skype’s preliminary response can be found on Skype’s blog.