The Android version of the popular Skype VoIP and instant messaging client is plagued by a vulnerability that exposes the personal data stored on the Android-powered device. Skype explained that if you were to install a malicious 3rd party application on your Android device, that application could gain access to the data stored locally by Skype for Android.

By data locally stored by Skype Android I mean data such as cached profile information, contacts, and message logs. Malicious apps can access this data because Skype for Android stores all user data in a folder that carries the user’s name. The database files in the aforementioned folder are not encrypted and they have incorrect permissions. With minimal effort, the data included in these database files can be accessed.

“We take your privacy very seriously and are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application,” said Skype’s Adrian Asher. “To protect your personal information, we advise users to take care in selecting which applications to download and install onto their device.”

Skype for Android was rolled out to the public back in October 2010. This means that since October 2010 it has been vulnerable. Skype Mobile for Verizon is not affected by the same vulnerability.

Chester Wisniewski is a Senior Security Advisor at Sophos, company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, said that this is not a vulnerability, but an example of sloppy coding and lack of respect for the user’s privacy.

“What is being called a vulnerability in the Android version of Skype could simply be written up as sloppy coding at best, or disrespect for your privacy at worst,” said Chester Wisniewski. “I think the safest advice is simply to remove Skype from your Android until we can be satisfied that the problems have been resolved.”