Skype has recently surpassed 100 million downloads on Android but the latest update that came along with that announcement has been found to carry a bug that will enable the lock screens on smartphones running the app to be bypassed.
The bug was uncovered by XDA Developers forum admin Pulser and was tested with the aforementioned Skype release on a number of Android devices, including the Sony Xperia Z, Samsung Galaxy Note 2, and Huawei Premia 4G.
According to Pulser, the Skype app “appears to have a bug which permits the Android inbuilt lock screen (i.e., pattern, PIN, password) to be bypassed relatively easily, if the device is logged into Skype, and the ‘attacker’ is able to call the ‘victim’ on Skype.”
To reproduce the bug, users can Skype call another device that’s also logged into Skype, which will wake it up while it rings. Users can accept and then end the call, which will display the lock screen again. Tap the power button once to put the device back to sleep, and then tap it again, and the lock screen will be bypassed, and will remain so until the device is rebooted.
If this sounds familiar, it should. Users of Viber experienced a similar issue back in April, which was fully resolved quickly, but is nevertheless troubling. We’ve contacted Skype with this bug report and will update everyone soon.