Android Police reports a security weakness in the Skype app for Android devices, which would enable a rogue app to access user names, call logs, and a wide range of personal information. The issue is that Skype stores user information in a data directory that is not encrypted, and because the same location is used to store the information across user devices, a rogue app can therefore be created which can access this. The publication said that Skype had stated it is “investigating the issue.”

According to Android Police, Skype stores its data in a directory which has the same name as the Skype username. However, Skype also stores the user name in a defined location which, once identified, can be used to access the full directory. The report notes that information at risk includes “account balance, full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, your webpage, your bio, and more,” and that the “contacts” table holds similar information on other users – “that is, more than Skype exposes on other users publicly.”

The flaw is apparently evident in commercial versions of the app, but the version offered by Verizon Wireless – which tightly integrates Skype services on its devices – is unaffected.