May 23, 2018

Android keyboard app leaks personal information about 31 million users

06 December 2017, 05:59 | Kevin Scott

Android keyboard app leaks personal information about 31 million users

Android keyboard app leaks personal information about 31 million users

While the app is available for both iOS and Android, the leaked data seems to relate only to Android users.

The discovery was found by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet.

Had any of the malicious types that lurk on the web found the server they could have extracted all manner of user data, from full names, email addresses, and location, basically a treasure trove of information for people who get their kicks from identity theft and fraud. We've attempted to contact ai.type for comment and clarification as to what the hell it was playing at.

ZDNet who obtained a portion of the database to verify the information collected by the servers made a few scarier revelations to the breach. It totaled more than 577 gigabytes in size and contained information including users' full names, a list of applications installed on the phone, email addresses, precise location (including city and country), and how many days users have had the application installed. The records also included the user's location set by Global Positioning System, including their city and country. The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. Some of the records, however, are far more significant and include phone numbers and IP addresses. It also slurped 373 million names and phone numbers from the contacts of over six million users.

While many of those details amount to basic records, the database also house records that revealed more sensitive information about users. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. Not only do they tend to offer more features over the stock keyboard shipping on most smartphones, but in some cases, they provide better auto-correct and prediction technology than the first-party alternatives. This data is then monetised through advertising, but it was also stored on the insecure server, linked to individual users.

It's not unusual for on-screen keyboards to have wide-ranging access to some of the highest levels of Android permissions. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access. While it promises to keep the content "encrypted and private", the company failed to even secure the database.

Delhi's 'very poor ' air quality likely to worsen
Pollution is considered severe plus or emergency when readings of PM2.5 and PM10 cross 300 and 500 ug/m3 respectively. AQI in neighbouring city of Vasundhara has also slipped into severe category with the PM 2.5 shooting up to 468.

New Match Announced For WWE Clash Of Champions
To make matters worse, Shane also announced tonight's show would feature Sami facing Orton in singles action, and Owens would be handcuffed to the ring.

Lionsgate Cuts John Travolta's Gotti Biopic Just 10 Days Before Release
The studio has also sold the film back to production company Emmett/Furla/Oasis Films . Entertainment Weekly speculated that the release will now occur sometime in 2018.

But the database wasn't encrypted. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"

Bob Diachenko, head of communications at Kromtech Security Center, warned of the dangers of using free apps.

For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

Ai.type uses artificial intelligence to help users type faster and more accurately.

Other News

Trending Now

Christiane Amanpour Will Replace Charlie Rose at PBS on Interim Basis
PBS added that it is finalizing plans for another public affairs show to follow Amanpour in the 11:30 p.m. timeslot. Her profile widened as she worked from eastern Europe and the Middle East for CNN in the 1980s and 1990s.

Bengaluru: Woman complains molestation inside cab- Ola driver suspended
The incident took place around 10.30 pm on Sunday, in a deserted spot on the Ring Road in south east Bengaluru . The spokesperson also urged the customer to lodge a formal complaint with the authorities.

Congress linking 'Ayodhya Ram Temple' with 2019 elections: PM Modi
The Congress has distanced itself from Mr Sibal's comments, saying "who he represents in court is Kapil Sibal's personal matter". The Hindus, however, claim that a Ram temple that originally stood there was demolished to construct the mosque.

Virat Kohli and Anushka Sharma to get married in Italy next week
When contacted, Anushka's spokesperson said, "There is absolutely no truth to it (rumours of marriage)". A news channel has reported that the long-time couple were planning a wedding bash in Italy this month.