1. sf49ers's Avatar
    Here is another nice recipe for getting hosed

    Skype Android app is a security disaster
    04-15-11 12:47 AM
  2. iN8ter's Avatar
    Does anyone actually use that app? It's been terrible since they released it.
    04-15-11 12:56 AM
  3. qbnkelt's Avatar
    Deleting Skype from my Atrix....*sigh*

    Posted from my CrackBerry at wapforums.crackberry.com
    04-15-11 02:07 AM
  4. scorpiodsu's Avatar
    Android and security risk has become synonymous lately. And this is coming from someone who likes Android.
    04-15-11 08:53 AM
  5. qbnkelt's Avatar
    When I said I didn't care for an open source platform I was fricaseed...

    Posted from my CrackBerry at wapforums.crackberry.com
    04-15-11 12:02 PM
  6. hootyhoo's Avatar
    The article stated that you also have to download another app to make it a security risk.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-15-11 12:08 PM
  7. sf49ers's Avatar
    The article stated that you also have to download another app to make it a security risk.

    Posted from my CrackBerry at wapforums.crackberry.com
    point is that anyone can simulate that behavior in another app which we don't know
    04-15-11 12:17 PM
  8. hootyhoo's Avatar
    True but there have been no reported cases of this actually happening.

    By the way, has rim sent the all clear to re-enable JavaScript?

    Posted from my CrackBerry at wapforums.crackberry.com
    04-15-11 12:35 PM
  9. xlDeMoNiClx#CB's Avatar
    To be honest, I'm happy enough with just having Skype on my laptop.
    04-15-11 12:59 PM
  10. dutchtender's Avatar
    yes but is it as big of security nightmare as the BB webkit browser?
    04-15-11 01:39 PM
  11. DenverRalphy's Avatar
    Android and security risk has become synonymous lately. And this is coming from someone who likes Android.
    This is more a situation where it's not so much an Android issue, as it is an app with a glaring security flaw. Regardless of which operating system an app is designed for, a poorly designed app can pose a serious security threat on any platform. Unfortunately for Android, in this case it happens to be an app written for their platform, so they'll suffer a stigma.

    yes but is it as big of security nightmare as the BB webkit browser?
    So what if it is or isn't? Does that detract from the seriousness of a security issue with the Skype app? Or are you just hatin for the sake of hatin?
    04-15-11 03:09 PM
  12. qbnkelt's Avatar
    yes but is it as big of security nightmare as the BB webkit browser?
    And how is that pertinent to this serious flaw found in this Skype for Android?
    04-15-11 04:07 PM
  13. howarmat's Avatar
    this was found in a leak copy of the program. its not the same as the standard market version that you have on your atrix
    04-15-11 05:06 PM
  14. qbnkelt's Avatar
    I'm afraid to risk it.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-15-11 06:35 PM
  15. Daniel Ratcliffe's Avatar
    It says it was found in the normal one too. Does Windows Phone have a non-vulnerable Skype?
    04-16-11 12:33 AM
  16. iN8ter's Avatar
    Windows Mobile had skype and there haven't been any big vulnurabilities found in it. WP7 doesn't have it yet, but it's coming. They were showing it off at MIX.

    All WP7 applications are sandboxed and 3rd party applications do not have access to that much information from the system, so it will be hard to excercise these types of exploits there.
    04-16-11 01:31 AM
  17. wiggy1's Avatar
    Everything is a bit of a security risk. I thought Skype on the Android was just fine and quite useful.
    04-16-11 02:14 AM
  18. Xopher's Avatar
    So, the Skype security risk is that they didn't encrypt their database, so another app can gain access to your Skype contact list.

    It doesn't give access to your phone's contact list. It doesn't give access to your phone. The only information that isn't secure is the data in the Skype contact list, and only if you load another application that attempts to read the Skype contact database. I would say that Skype will encrypt the database in their next update.
    K Bear likes this.
    04-16-11 02:50 PM
  19. hootyhoo's Avatar
    They're working on it.

    http://m.androidcentral.com/skype-re...-security-hole

    Posted from my CrackBerry at wapforums.crackberry.com
    04-16-11 11:29 PM
  20. scorpiodsu's Avatar
    This is more a situation where it's not so much an Android issue, as it is an app with a glaring security flaw. Regardless of which operating system an app is designed for, a poorly designed app can pose a serious security threat on any platform. Unfortunately for Android, in this case it happens to be an app written for their platform, so they'll suffer a stigma.
    Full agree. But that's the potential problem of not carefully reviewing apps before they are available in your store. So that's what makes it an Android problem.... the lack of moderation around the app market. But again, I like Android but the "openess" of some things make it more susceptible to these types of attacks. Until they crack down on the market, these risks (small is many cases) will will there. It's one thing to have general OS risks that all OS have but when it's things that you allow in the market, that increases the chances.
    04-18-11 10:42 AM
  21. hootyhoo's Avatar
    http://m.androidcentral.com/skype-fi...ing-make-it-us

    Posted from my CrackBerry at wapforums.crackberry.com
    04-21-11 06:00 PM
  22. iN8ter's Avatar
    Yep, already fixed.

    Rather have market leaders releasing apps in a poorly monitored app store than not get those apps at all (or have to pay an arm and a leg for it i.e. $20 for Vlingo on Blackberry when the free Android app has all the functionality of the paid BB version and a ton more)...
    04-21-11 11:01 PM
  23. i7guy's Avatar
    Full agree. But that's the potential problem of not carefully reviewing apps before they are available in your store. So that's what makes it an Android problem.... the lack of moderation around the app market. But again, I like Android but the "openess" of some things make it more susceptible to these types of attacks. Until they crack down on the market, these risks (small is many cases) will will there. It's one thing to have general OS risks that all OS have but when it's things that you allow in the market, that increases the chances.
    Android though has the most number of critical vulnerabilities. Some may not care, some may care. To some the number of vulnerabilities is at best an intellectual discussion.

    That however, doesn't mean there isn't a real and present danger of drive-by attacks.
    04-22-11 01:45 PM
  24. hootyhoo's Avatar
    The openness of android is a two edged sword. It MAY make it easier to hack, but it also makes the vulnerability of apps come to the surface faster. They then receive fixes quicker. Skype is already fixed.

    Has rim released a patch for their browser yet? With a closed system like bb, there are fewer developers to work on a fix and one has to rely on the hope that rim will some day plug the hole.

    Posted from my CrackBerry at wapforums.crackberry.com
    04-22-11 03:08 PM
  25. i7guy's Avatar
    Since I don't have OS6 I don't know if a fix was released. Disabling javascript is a quick workaround and is the only "real" vulnerability, to my knowledge, that poses any clear and present danger.

    Android has a laundry list of vulnerabilities. Don't shoot the messenger.
    04-22-11 03:47 PM
27 12
LINK TO POST COPIED TO CLIPBOARD