Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype, and perhaps Signal, and possibly Signal, that could lead to privilege escalation and data loss, including private keys. The issue stems from Intent, an API that Android uses to share content. Most of the apps the researchers single out in the report have since been patched, but they claim Skype is still vulnerable and that the vulnerability is definitely present in many more apps . The two gave a presentation on the vulnerability during a panel at GI Sicherheit 2016, a security conference in Bonn, Germany on Monday.
Source: https://threatpost.com/surreptitious-sharing-android-api-flaw-leaks-data-private-keys/117174/