Giving another blow to mobile security, a recent flaw in Skype for Android has given the advantage to cyber criminals and hackers. The so-called “sloppy-coding” in Skype application for Android devices may let hackers chase private information from smartphones, including the user’s name and email address, contacts and chat logs, which is a really bad news.  The news was disclosed by Justin Case, a regular contributor to the Android Police blog who informed that Skype on Android does not block access to a number of sensitive data files stored on the handset.

This includes opportunities for the theft of important and confidential information on the smartphone, including full name, date of birth, alternate phone numbers, account balance, instant chat logs and all Skype contacts. Case also created an Android application that demonstrated retrieving the unsecured data, and warned that hackers could do the same.

Here’s what Case has to say,

“Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but [they’re] completely unencrypted. A rogue developer could modify an existing application with code from our proof of concept, distribute that application on the [Android] Market, and just watch as all that private user information pours in.”

Later on, Adrian Asher, Skype’s chief information security officer also acknowledged the same, calling it “privacy vulnerability” in its Android client.

“We are working quickly to protect you from this vulnerability, including securing the file permissions on the Skype for Android application,” said Adrian Asher, in an entry on a company blog.

Besides, he also advised users to “to take care in selecting which applications to download and install” on their smartphones, which was completely overlooked by Chet Wisniewski, a security researcher at Sophos.

“How you would implement that advice is difficult to know, as an application wishing to steal your Skype information doesn’t require special permissions,” Wisniewski said. “This could simply be written up as sloppy coding at best, or disrespect for your privacy at worst,” he said. “[But it] makes one wonder about the Skype for iOS application. Is it safer in Apple’s App Store?”

While this Skype vulnerability is primarily an app-related issue, its presence on Android’s platform only brings more attention back to Google’s ongoing issues with its mobile OS.  Giving his point on Android’s insecurity, Microsoft’s Windows Phone developer and evangelist Dave Glover said that this is giving a good chance to Windows Phone to  succeed in business, as there is too much malware attacking the Android operating system, which is also more difficult to develop for.

“Windows Phone is aimed at the consumer market but it already has good integration with Exchange and SharePoint for business. An enterprise might not want to make an app public and we are aware of that. There is a lot of malware targeting the Android platform. I’ve spoken to developers who have written apps for both platform and they say developing on Windows Phone is faster than Android and the development tools are more mature,” Glover said.

His statement clearly reflects the kind of potential he is seeing for Windows Phone, especially when the much-loved Android is becoming a target for hackers.

This is not the only bad news for Android, as it experienced several malware attacks and pirated apps in the past few months. But yes, it is making significant efforts to update its security system. We recently heard Google updating its  security offerings and collaboration services for Android users. This is especially important for mobile professionals, and brings Android on par with Apple iOS mobile security offerings.