Skype Plugs Android App Privacy Hole

← Back to Stories (view on slashdot.org)

Skype Plugs Android App Privacy Hole

Posted by samzenpus on Wednesday April 20, 2011 @08:35PM from the putting-in-the-fix dept.

alphadogg writes "Less than a week after confirming that a flaw in Skype for Android could leak sensitive user information, the Internet calling company issued an urgent update to fix the problem. Skype informed customers that 'After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version [1.0.0.983] as soon as possible in order to help protect your information.' Skype says it has had no reported examples of third-party apps misusing information from the Skype directory on Android devices, though is keeping an eye on things."

45 comments

Min score:

Reason:

Sort:

Skype App SUCKS by Anonymous Coward · 2011-04-20 20:49 · Score: 0

Holy crap Skype SUCKS.
Skype, a phone app that:
A. you can't remove without rooting the phone
B. Doesn't let you make voip calls over wifi
B. Has known vulnerabilities that compromise the phone security
1. Re:Skype App SUCKS by Anonymous Coward · 2011-04-20 21:18 · Score: 1
  
  A, B, B. did you write the Skype code?
2. Re:Skype App SUCKS by Racemaniac · 2011-04-21 00:01 · Score: 2
  
  doesn't sound like the standard version to me
  on my android, skype didn't come preinstalled, so i can install/remove it as i wish, and i can certainly make voip calls over my wifi.
  sounds like you're talking about some cut down version your provider gave you, go complain with them, not skype.
3. Re:Skype App SUCKS by BrokenHalo · 2011-04-21 02:50 · Score: 1
  
  Thou shalt not feed the trolls.
  
  I suspect your parent post has not even done the most basic of research. After all. , while most telcos are happy to preload apps that eat up your bandwidth, preloading an app that diverts revenue away from regular timed phone calls would just be silly.
  
  But I too have no problem using Skype over my WiFi connection, and I have never had a problem with upgrading it (which requires an uninstall of the previous version).
4. Re:Skype App SUCKS by icebike · 2011-04-21 07:25 · Score: 1
  
  I can remove it any time I want.
  Makes calls over both 3g and wifi
  Security issues fixed.
  So Wrong on all three counts, plus you haven't learned your alphabet.
  If you want some real criticisms, you might have noted that Skype for Android is a memory hog, and a bit of
  a battery hog as well.
  
  --
  Sig Battery depleted. Reverting to safe mode.
Video support by linuxguy · 2011-04-20 21:02 · Score: 1

Would it kill them to release video support for Android phones, like they did for iphone/itouch devices a while back?
1. Re:Video support by easyTree · 2011-04-20 21:11 · Score: 1
  
  Would it kill them to allow the app to be shut down without restarting the phone? It SUCKS battery life so it's nice to be able to jump in and out as needed.
  
  --
  Requiem for the American Dream
2. Re:Video support by imroy · 2011-04-20 21:28 · Score: 3, Informative
  
  Sign out, then you can 'back' out of the app without it running in the background.
3. Re:Video support by Anonymous Coward · 2011-04-20 21:40 · Score: 0
  
  Would it kill them to allow the app to be shut down without restarting the phone? It SUCKS battery life so it's nice to be able to jump in and out as needed.
  This is so true! And be able to control the sound and vibration when on a phone call!
  You can install the app Stop Skype... it quickly help stopping skype.
4. Re:Video support by easyTree · 2011-04-20 21:49 · Score: 1
  
  Thanks for the tip.
  
  --
  Requiem for the American Dream
5. Re:Video support by niftydude · 2011-04-20 22:51 · Score: 1
  
  Would it kill them to release video support for Android phones, like they did for iphone/itouch devices a while back?
  I think they have already released video support for android on the HTC thunderbolt - but only if you are using the verizon network.
  
  Bastards must have signed some sort of exclusivity agreement.
  
  Of course that leaves those of us who live anywhere else in the world pretty much screwed.
  
  --
  You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
6. Re:Video support by easyTree · 2011-04-20 23:19 · Score: 1
  
  One of the dozens of task manager applications that allow processes to be abruptly killed, offering them no opportunity to gracefully shut-down and write any cached changes to persistent storage, thereby potentially risking the integrity/completeness of your data?
  Thanks for the tip.
  
  --
  Requiem for the American Dream
7. Re:Video support by Anonymous Coward · 2011-04-20 23:38 · Score: 0
  
  ...thereby potentially risking the integrity/completeness of your data?
  The odds of that happening are so low it's probably safer to just not use a smartphone at all. Have you considered the Fisher Price Rescue Heroes Walkie-Talkies? They seem more your speed.
8. Re:Video support by PiSkyHi · 2011-04-21 00:13 · Score: 1
  
  Despite Nokia letting everyone with Maemo devices down for the future, Skype video on the N900 works quite well now that Desktop versions have caught up to it, over wi-fi or 3G.
9. Re:Video support by Anonymous Coward · 2011-04-21 00:26 · Score: 0
  
  Of course that leaves those of us who live anywhere else in the world pretty much screwed.
  Unless this works out:
  http://forum.xda-developers.com/showthread.php?t=1031944
10. Re:Video support by DrXym · 2011-04-21 01:49 · Score: 1
  
  Or, here's an idea and I know this is crazy but, you could download one of the dozens of task manager applications and terminate the program manually. Calm down! Calm down! Yes, it's a radical idea that almost no one would ever think of, but it just might work, you fucking idiot.
  Those task managers terminate the process but often they're started right up again. Android permits applications to contain services which are long-running background processes. Services can be sticky so they survive the activity dying. They can also be restarted by broadcast receivers which are woken by system events and if you kill the process the service is running in, Android may start it right up again.
  Some task managers have auto kill lists but then this interferes with the times when you DO want to run the service. Basically Skype and other offending apps should be more configurable and allow a user to sign off Skype after a period of inactivity if they wish, or in certain conditions such as 3G vs wifi connectivity, battery / mains power etc.
11. Re:Video support by Anonymous Coward · 2011-04-21 02:35 · Score: 0
  
  ...thereby potentially risking the integrity/completeness of your data?
  The odds of that happening are so low it's probably safer to just not use a smartphone at all. Have you considered the Fisher Price Rescue Heroes Walkie-Talkies? They seem more your speed.
  
  So
12. Re:Video support by icebike · 2011-04-21 07:37 · Score: 1
  
  Sign out, then you can 'back' out of the app without it running in the background.
  If you log out, the process is like every other android process, it goes to sleep and will be paged out as memory demand requires.
  It no longer hold any connections open. But there should still be an option to completely quit.
  Logging out is not obvious, (see status setting tab).
  The app is a huge memory hog. I couldn't even install it till the version that allowed installation to the MicroSD card (app2SD).
  I only use it for international calls to a small group of people, because it is just too resource intensive. I have them text me on google talk (which every android phone has) and then I will switch to voice over Skype.
  But lately I've been using SIP for that, using CSipSimple, which connects faster, sounds better, and is very resource friendly. With a free SIP account at both ends from any number of sip providers (such as iptel.org, sip2sip.info, etc) its far easier than Skype. The only advantage skype holds is name recognition.
  
  --
  Sig Battery depleted. Reverting to safe mode.
13. Re:Video support by icebike · 2011-04-21 07:47 · Score: 1
  
  While true for some essential apps, your comment is not germane to Skype. Once killed, it stays killed.
  Other than that, I agree with you, get rid of offending apps.
  But be sure they are REALLY offending.
  Skype goes dormant when you log out of skype (not the easiest option to find in the Android version).
  It will drop all data connections when you do this.
  But it still leaves about 29meg in memory.
  That too will be paged out as memory need demands. So it really does not need to be killed, you just need to log out. They should make this easier to find.
  Far too many people try to micro-manage Android's memory usage. Far too many cell companies install task killers. Android is not windows. It knows how to manage memory far better than the user does, and far better than task killers.
  There is absolutely no reason to run a task killer on Android.
  If you have a misbehaving app, get rid of it. Don't add more troublesome software to compensate.
  
  --
  Sig Battery depleted. Reverting to safe mode.
14. Re:Video support by easyTree · 2011-04-21 10:36 · Score: 1
  
  Yes, I have a set. They're just great.
  Thanks for the tip.
  
  --
  Requiem for the American Dream
15. Re:Video support by jrumney · 2011-04-21 12:29 · Score: 1
  
  Why would you want to download a dodgy third party app for this, when the ability to terminate applications and services is built right in to the Settings/Applications menu?
Ironic, as Skype refuse to refund fraud by Toby+The+Economist · 2011-04-20 21:08 · Score: 5, Interesting

My Skype account was recently emptied. Only five euros, thankfully.
I emailed Skype and said there had been fraudulent calls and if they'd refund me.
Skype replied, to the effect that they do not refund losses and fraud is due to customer error (I kid you not).
I pointed out *I* had told *them* it was fraud. You don't, especially when customers money has gone missing, assume what the customer has told you is exactly and completely the problem, and inform him you don't do refunds!
The calls made were kinda strange, there were many calls, a lot of which were zero length in duration. That didn't quite look like plain fraud. Maybe there's a bug in their billing system, or even their calling system.
Basically Skype said it was fraud, because I told them it was, and they told me it was my fault, because they said it was.
I looked on the web, found similar stories - including ones where people had auto-recharge on, and their bank accounts had taken losses too - it wasn't just their Skype account was emptied.
The problem is that Skype is pre-paid. They benefit financially from fraud.
So here we see Skype jumping through hoops to close a customer data loss bug - but steadfastly refusing to refund customer losses from mysterious calls, without a care about the cause, and so without a care about the responsibility.
1. Re:Ironic, as Skype refuse to refund fraud by georgesdev · 2011-04-20 21:57 · Score: 1
  
  I've been having doubts myself recently. I'll keep an eye on it
2. Re:Ironic, as Skype refuse to refund fraud by Anonymous Coward · 2011-04-20 22:05 · Score: 1
  
  Mmm. I'm reminded of the Paypal fiasco where somethingawful used paypal for a Katrina fundraiser and Paypal was severe fuckwards by both shutting down the paypal account (LOTS OF MONEY POURING IN, MUST BE A SCAM. NOPE NOT LISTENING TO YOUR CALLS) then when he attempts to just refund everyone, foreign currency had to take "conversion fees" despite, you know, only existing as data.
  Fuck the corporations.
3. Re:Ironic, as Skype refuse to refund fraud by Anonymous Coward · 2011-04-21 01:43 · Score: 0
  
  Sorry to hear that. Do you have Google voice in your country? I switched and never looked back. Cheap long distance calls, merges well with android phones (of course) and free text messages over data connections.
4. Re:Ironic, as Skype refuse to refund fraud by Toby+The+Economist · 2011-04-21 04:20 · Score: 1
  
  Unfortunately, no. I before this incident had looked for an alternative - I already had some issues with Skype. I found nothing - no other company seems to offer PC to landline calls, with the exception of Google Talk, which is mainland USA only. If they come to Europe, I'll try them instantly.
Android app still has many problems by Anonymous Coward · 2011-04-20 21:27 · Score: 1

They should also fix the weird bugs that make your device unusable when calling, screen keeps popping black because of accelerometers. Also audio disappears from subsequent calls when a call was dropped to due network issues.
Need to use browser to download android apps by Anonymous Coward · 2011-04-20 21:28 · Score: 0

I live in a country where I can not access many android markets with my phone so I need to download the apk with my browser and then use adb to install on phone. Where can I down load the new skype apk with my browser?
skype makes ma bell look like a crack whore by Anonymous Coward · 2011-04-20 21:58 · Score: 0

maybe that's why she's gotten to be so grotesquely big. are the 3X6 airtight bunkers being distributed in southern bell already too?
Ekiga wins again! by Anonymous Coward · 2011-04-20 22:08 · Score: 0

Skype is a proprietary, closed source program that enslaves users under the guise of providing a communication service. If Skype was FOSS the security hole would never have existed. Even if there was a hole, it would have been fixed in a matter of hours instead of Skype sitting on their ass for a whole week. Ekiga is FOSS and provides all the same features Skype does, except better, faster, and best of all it respects user's freedom.
1. Re:Ekiga wins again! by cheros · 2011-04-21 02:41 · Score: 2
  
  "Proprietary", "enslaves", "guise of" - yeah right. How about taking a your medicine first?
  First of all, FOSS is not a guarantee of absolute security. It can be better provided there are enough eyeballs on the problem, and people capable of coding their way around it, but it is NOT a guarantee.
  Secondly, you're welcome to Ekiga. I also need to call landlines which it doesn't support, but I have Skype on Windows (which I may use once a month), on OSX (which I use all the time), on Linux, in handsets, on an iPhone and on Android until I got fed up with the data leakage that Android represents. And guess what? It Just Works.
  You're welcome to your own Universe, just don't try to sell it as perfect because it isn't (and I have been using Linux since it came as Slackware on floppies).
  
  --
  Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
uncle sam; predatory dick with ears by Anonymous Coward · 2011-04-20 22:22 · Score: 0

definite abuser terrorist profile. makes ma bell look like sister merry francis of the mormormonic communications revolutions, or a dick without ears.
Not that version by Chris.Nelson · 2011-04-20 23:10 · Score: 1

The Android Market is offering 1.6.0.13 this morning.
SMS by ud+plasmo · 2011-04-20 23:19 · Score: 1

How about releasing the SMS sending feature onto their android version as well.
I mean I can use it from the Skype PC application, why isn't it on the mobile as well?
Or is this because phone companies don't want Skype to touch their SMS profits?

--
Norris Normal - Who am I?
What about "Skype mobile on Verizon" ? by brilong87 · 2011-04-21 00:49 · Score: 1

I'm running Android 2.3 on a Samsung Droid X and I have "Skype mobile on Verizon" installed and "Skype" is available in the marketplace. Were both subject to this hole? Were both patched?
1. Re:What about "Skype mobile on Verizon" ? by Anonymous Coward · 2011-04-21 03:00 · Score: 0
  
  You don't have a Samsung Droid X. Samsung doesn't make Droid X, Motorola does. Samsung makes the Galaxy series.
2. Re:What about "Skype mobile on Verizon" ? by Anonymous Coward · 2011-04-26 12:39 · Score: 0
  
  You don't have a Samsung Droid X. Samsung doesn't make Droid X, Motorola does. Samsung makes the Galaxy series.
  lol, yikes! I've been reading Slashdot for years and my first comment on a story is ripped to shreds due to my early-morning-too-tired-simple-mistake. Thanks for the welcoming Anonymous Coward. Does anyone know if Skype for the MOTOROLA Droid X has been patched?
#1 Reason OWNERS b allowed remove preloaded apps by Anonymous Coward · 2011-04-21 02:13 · Score: 0

This highlights the number 1 reason PHONE OWNERS (yes... we are OWNERS) should be able to REMOVE any application they don't want, regardless if the phone vendor preloads applications on them. Users should not have to "ROOT" these stupid vendor specific phones to remove spyware like Skype. (Thanks Apple for using this control the user, restrict what users are allowed to do model)
Skype with bad software? Say it isn't so! by Anonymous Coward · 2011-04-21 04:01 · Score: 0

Skype software sucks. Bad.
I have to use it for work and on my PC, it just pops up randomly with an ad that disables my screen saver (and that's with a PAID ACCOUNT that gives me access to phones and a phone number). Also, ever seen how many ports it opens up? Plus, who made that horrible excuse for a UI???
The Skype folks need some serious lessons in software development and interface design. I wish I didn't have to use it for work.