Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Skype Plugs Android App Privacy Hole

samzenpus posted more than 3 years ago | from the putting-in-the-fix dept.

Android 45

alphadogg writes "Less than a week after confirming that a flaw in Skype for Android could leak sensitive user information, the Internet calling company issued an urgent update to fix the problem. Skype informed customers that 'After a period of developing and testing we have released a new version of the Skype for Android application onto the Android Market, containing a fix to the vulnerability reported to us. Please update to this version [1.0.0.983] as soon as possible in order to help protect your information.' Skype says it has had no reported examples of third-party apps misusing information from the Skype directory on Android devices, though is keeping an eye on things."

cancel ×

45 comments

Frothy Pistol (-1)

Anonymous Coward | more than 3 years ago | (#35890804)

You know it, dawg!

Apple Aspies win again. (-1, Flamebait)

Anonymous Coward | more than 3 years ago | (#35890830)

Steve Job's here, android is sucking my cock right now while I stuff his "open" holes with rejected apps with viruses.

Skype App SUCKS (0)

Anonymous Coward | more than 3 years ago | (#35890842)

Holy crap Skype SUCKS.

Skype, a phone app that:
A. you can't remove without rooting the phone
B. Doesn't let you make voip calls over wifi
B. Has known vulnerabilities that compromise the phone security

Re:Skype App SUCKS (1)

Anonymous Coward | more than 3 years ago | (#35890962)

A, B, B. did you write the Skype code?

Re:Skype App SUCKS (2)

Racemaniac (1099281) | more than 3 years ago | (#35891836)

doesn't sound like the standard version to me
on my android, skype didn't come preinstalled, so i can install/remove it as i wish, and i can certainly make voip calls over my wifi.
sounds like you're talking about some cut down version your provider gave you, go complain with them, not skype.

Re:Skype App SUCKS (1)

BrokenHalo (565198) | more than 3 years ago | (#35893790)

Thou shalt not feed the trolls.

I suspect your parent post has not even done the most basic of research. After all. , while most telcos are happy to preload apps that eat up your bandwidth, preloading an app that diverts revenue away from regular timed phone calls would just be silly.

But I too have no problem using Skype over my WiFi connection, and I have never had a problem with upgrading it (which requires an uninstall of the previous version).

Re:Skype App SUCKS (1)

icebike (68054) | more than 3 years ago | (#35898266)

I can remove it any time I want.
Makes calls over both 3g and wifi
Security issues fixed.

So Wrong on all three counts, plus you haven't learned your alphabet.

If you want some real criticisms, you might have noted that Skype for Android is a memory hog, and a bit of
a battery hog as well.

Video support (1)

linuxguy (98493) | more than 3 years ago | (#35890898)

Would it kill them to release video support for Android phones, like they did for iphone/itouch devices a while back?

Re:Video support (1)

easyTree (1042254) | more than 3 years ago | (#35890928)

Would it kill them to allow the app to be shut down without restarting the phone? It SUCKS battery life so it's nice to be able to jump in and out as needed.

Re:Video support (3, Informative)

imroy (755) | more than 3 years ago | (#35891014)

Sign out, then you can 'back' out of the app without it running in the background.

Re:Video support (1)

easyTree (1042254) | more than 3 years ago | (#35891098)

Thanks for the tip.

Re:Video support (-1)

Anonymous Coward | more than 3 years ago | (#35891262)

Or, here's an idea and I know this is crazy but, you could download one of the dozens of task manager applications and terminate the program manually. Calm down! Calm down! Yes, it's a radical idea that almost no one would ever think of, but it just might work, you fucking idiot.

Re:Video support (1)

easyTree (1042254) | more than 3 years ago | (#35891536)

One of the dozens of task manager applications that allow processes to be abruptly killed, offering them no opportunity to gracefully shut-down and write any cached changes to persistent storage, thereby potentially risking the integrity/completeness of your data?

Thanks for the tip.

Re:Video support (0)

Anonymous Coward | more than 3 years ago | (#35891658)

...thereby potentially risking the integrity/completeness of your data?

The odds of that happening are so low it's probably safer to just not use a smartphone at all. Have you considered the Fisher Price Rescue Heroes Walkie-Talkies? They seem more your speed.

Re:Video support (0)

Anonymous Coward | more than 3 years ago | (#35893560)

...thereby potentially risking the integrity/completeness of your data?

The odds of that happening are so low it's probably safer to just not use a smartphone at all. Have you considered the Fisher Price Rescue Heroes Walkie-Talkies? They seem more your speed.

So

Re:Video support (1)

easyTree (1042254) | more than 3 years ago | (#35900908)

Yes, I have a set. They're just great.

Thanks for the tip.

Re:Video support (1)

DrXym (126579) | more than 3 years ago | (#35892948)

Or, here's an idea and I know this is crazy but, you could download one of the dozens of task manager applications and terminate the program manually. Calm down! Calm down! Yes, it's a radical idea that almost no one would ever think of, but it just might work, you fucking idiot.

Those task managers terminate the process but often they're started right up again. Android permits applications to contain services which are long-running background processes. Services can be sticky so they survive the activity dying. They can also be restarted by broadcast receivers which are woken by system events and if you kill the process the service is running in, Android may start it right up again.

Some task managers have auto kill lists but then this interferes with the times when you DO want to run the service. Basically Skype and other offending apps should be more configurable and allow a user to sign off Skype after a period of inactivity if they wish, or in certain conditions such as 3G vs wifi connectivity, battery / mains power etc.

Re:Video support (1)

icebike (68054) | more than 3 years ago | (#35898542)

While true for some essential apps, your comment is not germane to Skype. Once killed, it stays killed.
Other than that, I agree with you, get rid of offending apps.

But be sure they are REALLY offending.
Skype goes dormant when you log out of skype (not the easiest option to find in the Android version).
It will drop all data connections when you do this.
But it still leaves about 29meg in memory.
That too will be paged out as memory need demands. So it really does not need to be killed, you just need to log out. They should make this easier to find.

Far too many people try to micro-manage Android's memory usage. Far too many cell companies install task killers. Android is not windows. It knows how to manage memory far better than the user does, and far better than task killers.
There is absolutely no reason to run a task killer on Android. [lifehacker.com]

If you have a misbehaving app, get rid of it. Don't add more troublesome software to compensate.

Re:Video support (1)

jrumney (197329) | more than 3 years ago | (#35901922)

Why would you want to download a dodgy third party app for this, when the ability to terminate applications and services is built right in to the Settings/Applications menu?

Re:Video support (1)

icebike (68054) | more than 3 years ago | (#35898408)

Sign out, then you can 'back' out of the app without it running in the background.

If you log out, the process is like every other android process, it goes to sleep and will be paged out as memory demand requires.
It no longer hold any connections open. But there should still be an option to completely quit.

Logging out is not obvious, (see status setting tab).

The app is a huge memory hog. I couldn't even install it till the version that allowed installation to the MicroSD card (app2SD).
I only use it for international calls to a small group of people, because it is just too resource intensive. I have them text me on google talk (which every android phone has) and then I will switch to voice over Skype.

But lately I've been using SIP for that, using CSipSimple, which connects faster, sounds better, and is very resource friendly. With a free SIP account at both ends from any number of sip providers (such as iptel.org, sip2sip.info, etc) its far easier than Skype. The only advantage skype holds is name recognition.

Re:Video support (0)

Anonymous Coward | more than 3 years ago | (#35891068)

Would it kill them to allow the app to be shut down without restarting the phone? It SUCKS battery life so it's nice to be able to jump in and out as needed.

This is so true! And be able to control the sound and vibration when on a phone call!
You can install the app Stop Skype... it quickly help stopping skype.

Re:Video support (1)

niftydude (1745144) | more than 3 years ago | (#35891370)

Would it kill them to release video support for Android phones, like they did for iphone/itouch devices a while back?

I think they have already released video support for android on the HTC thunderbolt - but only if you are using the verizon network.

Bastards must have signed some sort of exclusivity agreement.

Of course that leaves those of us who live anywhere else in the world pretty much screwed.

Re:Video support (1)

PiSkyHi (1049584) | more than 3 years ago | (#35891932)

Despite Nokia letting everyone with Maemo devices down for the future, Skype video on the N900 works quite well now that Desktop versions have caught up to it, over wi-fi or 3G.

Re:Video support (0)

Anonymous Coward | more than 3 years ago | (#35892070)

Of course that leaves those of us who live anywhere else in the world pretty much screwed.

Unless this works out:
http://forum.xda-developers.com/showthread.php?t=1031944

Ironic, as Skype refuse to refund fraud (5, Interesting)

Toby The Economist (811138) | more than 3 years ago | (#35890918)

My Skype account was recently emptied. Only five euros, thankfully.

I emailed Skype and said there had been fraudulent calls and if they'd refund me.

Skype replied, to the effect that they do not refund losses and fraud is due to customer error (I kid you not).

I pointed out *I* had told *them* it was fraud. You don't, especially when customers money has gone missing, assume what the customer has told you is exactly and completely the problem, and inform him you don't do refunds!

The calls made were kinda strange, there were many calls, a lot of which were zero length in duration. That didn't quite look like plain fraud. Maybe there's a bug in their billing system, or even their calling system.

Basically Skype said it was fraud, because I told them it was, and they told me it was my fault, because they said it was.

I looked on the web, found similar stories - including ones where people had auto-recharge on, and their bank accounts had taken losses too - it wasn't just their Skype account was emptied.

The problem is that Skype is pre-paid. They benefit financially from fraud.

So here we see Skype jumping through hoops to close a customer data loss bug - but steadfastly refusing to refund customer losses from mysterious calls, without a care about the cause, and so without a care about the responsibility.

Re:Ironic, as Skype refuse to refund fraud (1)

georgesdev (1987622) | more than 3 years ago | (#35891120)

I've been having doubts myself recently. I'll keep an eye on it

Re:Ironic, as Skype refuse to refund fraud (1)

Anonymous Coward | more than 3 years ago | (#35891158)

Mmm. I'm reminded of the Paypal fiasco [somethingawful.com] where somethingawful used paypal for a Katrina fundraiser and Paypal was severe fuckwards by both shutting down the paypal account (LOTS OF MONEY POURING IN, MUST BE A SCAM. NOPE NOT LISTENING TO YOUR CALLS) then when he attempts to just refund everyone, foreign currency had to take "conversion fees" despite, you know, only existing as data.

Fuck the corporations.

Re:Ironic, as Skype refuse to refund fraud (0)

Anonymous Coward | more than 3 years ago | (#35892866)

Sorry to hear that. Do you have Google voice in your country? I switched and never looked back. Cheap long distance calls, merges well with android phones (of course) and free text messages over data connections.

Re:Ironic, as Skype refuse to refund fraud (1)

Toby The Economist (811138) | more than 3 years ago | (#35895576)

Unfortunately, no. I before this incident had looked for an alternative - I already had some issues with Skype. I found nothing - no other company seems to offer PC to landline calls, with the exception of Google Talk, which is mainland USA only. If they come to Europe, I'll try them instantly.

"plugs" "hole" (-1, Troll)

mangu (126918) | more than 3 years ago | (#35890932)

That one is too easy, I won't even try

Android app still has many problems (1)

Anonymous Coward | more than 3 years ago | (#35891012)

They should also fix the weird bugs that make your device unusable when calling, screen keeps popping black because of accelerometers. Also audio disappears from subsequent calls when a call was dropped to due network issues.

Need to use browser to download android apps (0)

Anonymous Coward | more than 3 years ago | (#35891018)

I live in a country where I can not access many android markets with my phone so I need to download the apk with my browser and then use adb to install on phone. Where can I down load the new skype apk with my browser?

uncle sam plugs annoying sunlight outbreaks (-1)

Anonymous Coward | more than 3 years ago | (#35891078)

the thinking is that us unchosen monkeys like it better in the dark, & for some reason, unseasonable coldness, to match the untimely darkness.

thermal thursday? another perfect day to discuss disarming ourselves in a civil and mature manner, as though our children's lives depend on our civility ability at this time. weapons, media, 'weather' fudging, would be good places to start.

skype makes ma bell look like a crack whore (0)

Anonymous Coward | more than 3 years ago | (#35891128)

maybe that's why she's gotten to be so grotesquely big. are the 3X6 airtight bunkers being distributed in southern bell already too?

uncle sam; predatory dick with ears (0)

Anonymous Coward | more than 3 years ago | (#35891238)

definite abuser terrorist profile. makes ma bell look like sister merry francis of the mormormonic communications revolutions, or a dick without ears.

Ekiga wins again! (0)

Anonymous Coward | more than 3 years ago | (#35891176)

Skype is a proprietary, closed source program that enslaves users under the guise of providing a communication service. If Skype was FOSS the security hole would never have existed. Even if there was a hole, it would have been fixed in a matter of hours instead of Skype sitting on their ass for a whole week. Ekiga is FOSS and provides all the same features Skype does, except better, faster, and best of all it respects user's freedom.

Re:Ekiga wins again! (2)

cheros (223479) | more than 3 years ago | (#35893668)

"Proprietary", "enslaves", "guise of" - yeah right. How about taking a your medicine first?

First of all, FOSS is not a guarantee of absolute security. It can be better provided there are enough eyeballs on the problem, and people capable of coding their way around it, but it is NOT a guarantee.

Secondly, you're welcome to Ekiga. I also need to call landlines which it doesn't support, but I have Skype on Windows (which I may use once a month), on OSX (which I use all the time), on Linux, in handsets, on an iPhone and on Android until I got fed up with the data leakage that Android represents. And guess what? It Just Works.

You're welcome to your own Universe, just don't try to sell it as perfect because it isn't (and I have been using Linux since it came as Slackware on floppies).

Not that version (1)

Chris.Nelson (943214) | more than 3 years ago | (#35891492)

The Android Market is offering 1.6.0.13 this morning.

SMS (1)

ud plasmo (842308) | more than 3 years ago | (#35891538)

How about releasing the SMS sending feature onto their android version as well.

I mean I can use it from the Skype PC application, why isn't it on the mobile as well?
Or is this because phone companies don't want Skype to touch their SMS profits?

The Daily Chimpout (-1)

Anonymous Coward | more than 3 years ago | (#35891672)

Today, featuring Black Females Trash McDonalds [youtube.com]

What about "Skype mobile on Verizon" ? (1)

brilong87 (2055120) | more than 3 years ago | (#35892290)

I'm running Android 2.3 on a Samsung Droid X and I have "Skype mobile on Verizon" installed and "Skype" is available in the marketplace. Were both subject to this hole? Were both patched?

Re:What about "Skype mobile on Verizon" ? (0)

Anonymous Coward | more than 3 years ago | (#35893946)

You don't have a Samsung Droid X. Samsung doesn't make Droid X, Motorola does. Samsung makes the Galaxy series.

Re:What about "Skype mobile on Verizon" ? (0)

Anonymous Coward | more than 3 years ago | (#35948574)

You don't have a Samsung Droid X. Samsung doesn't make Droid X, Motorola does. Samsung makes the Galaxy series.

lol, yikes! I've been reading Slashdot for years and my first comment on a story is ripped to shreds due to my early-morning-too-tired-simple-mistake. Thanks for the welcoming Anonymous Coward. Does anyone know if Skype for the MOTOROLA Droid X has been patched?

#1 Reason OWNERS b allowed remove preloaded apps (0)

Anonymous Coward | more than 3 years ago | (#35893252)

This highlights the number 1 reason PHONE OWNERS (yes... we are OWNERS) should be able to REMOVE any application they don't want, regardless if the phone vendor preloads applications on them. Users should not have to "ROOT" these stupid vendor specific phones to remove spyware like Skype. (Thanks Apple for using this control the user, restrict what users are allowed to do model)

Skype with bad software? Say it isn't so! (0)

Anonymous Coward | more than 3 years ago | (#35895190)

Skype software sucks. Bad.

I have to use it for work and on my PC, it just pops up randomly with an ad that disables my screen saver (and that's with a PAID ACCOUNT that gives me access to phones and a phone number). Also, ever seen how many ports it opens up? Plus, who made that horrible excuse for a UI???

The Skype folks need some serious lessons in software development and interface design. I wish I didn't have to use it for work.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...