A newly disclosed vulnerability in Skype for Android could be exploited by miscreants to bypass an Android phone’s passcode screen to view photos, contacts, and even launch browser windows.

Bug-hunter Florian Kunushevci today told The Register the security flaw, which has been reported to Microsoft, allows the person in possession of someone’s phone to receive a Skype call, answer it without unlocking the handset, and then view photos, look up contacts, send a message, and open the browser by tapping links in a sent message, all without ever unlocking the phone. This is handy for thieves, pranksters, prying partners, and so on. Here’s a video demonstrating the bypass…

Kunushevci, a 19-year-old bug researcher from Kosovo, said he was an everyday user of the Skype for Android app when he noticed that something appeared to be amiss with the way the VoIP app accessed files on the handset. Curious, he decided to put his white hat on, and take a closer look.

Source: Can’t unlock an Android phone? No problem, just take a Skype call: App allows passcode bypass • The Register