February 22, 2018

Android keyboard app leaks personal information about 31 million users

06 December 2017, 05:59 | Kevin Scott

Inc. All rights reserved. This material may not be published broadcast rewritten or redistributed

Popular virtual keyboard app leaks 31 million users personal data

While the app is available for both iOS and Android, the leaked data seems to relate only to Android users.

The discovery was found by security researchers at the Kromtech Security Center, which posted details of the exposure alongside ZDNet.

Had any of the malicious types that lurk on the web found the server they could have extracted all manner of user data, from full names, email addresses, and location, basically a treasure trove of information for people who get their kicks from identity theft and fraud. We've attempted to contact ai.type for comment and clarification as to what the hell it was playing at.

ZDNet who obtained a portion of the database to verify the information collected by the servers made a few scarier revelations to the breach. It totaled more than 577 gigabytes in size and contained information including users' full names, a list of applications installed on the phone, email addresses, precise location (including city and country), and how many days users have had the application installed. The records also included the user's location set by Global Positioning System, including their city and country. The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. Some of the records, however, are far more significant and include phone numbers and IP addresses. It also slurped 373 million names and phone numbers from the contacts of over six million users.

While many of those details amount to basic records, the database also house records that revealed more sensitive information about users. One table listed 10.7 million email addresses, while another contained 374.6 million phone numbers. Not only do they tend to offer more features over the stock keyboard shipping on most smartphones, but in some cases, they provide better auto-correct and prediction technology than the first-party alternatives. This data is then monetised through advertising, but it was also stored on the insecure server, linked to individual users.

It's not unusual for on-screen keyboards to have wide-ranging access to some of the highest levels of Android permissions. AI.type is no exception, with read access to contact data, text messages, photos and video access and other on-device storage, record audio, and full network access. While it promises to keep the content "encrypted and private", the company failed to even secure the database.

IPL franchises will spend Rs 480-640 crore on players next season
The salary cap for each franchise has been upped from Rs 66 crore, and will increase progressively over the next three years. However in the meeting it was discussed that teams could retain not more than than three Indian and two foreign players.

Beyoncé Presents Colin Kaepernick With SI Muhammad Ali Legacy Award
To change perception, to change the way we treat each other, especially people of color. Kaepernick accepted the award on behalf of others.

What Sanchez Said To Herrera During Arsenal vs. Manchester United Is Outrageous
So desperate is Guardiola to sign his former Barcelonapupil, he is willing to pay more than double City's original offer of £20m. The pair have been in impressive form for Arsenal in recent weeks.

But the database wasn't encrypted. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company.

"Why would a keyboard and emoji application need to gather the entire data of the user's phone or tablet?"

Bob Diachenko, head of communications at Kromtech Security Center, warned of the dangers of using free apps.

For now, the possibility that anyone who download the keyboard apps had all of their phone data exposed publicly online is a "logical" thought, adds Kromtech's Diachenko.

"It is clear that data is valuable and everyone wants access to it for different reasons", Alex Kernishniuk, VP of strategic alliances at Kromtech, said.

Ai.type uses artificial intelligence to help users type faster and more accurately.

Other News

Trending Now

Time Magazine names #metoo movement as 2017 Person of the Year
Also on Time's list is Robert Mueller , the special counsel probing the Trump campaign's possible ties to Russian Federation . The runner up for Person of the Year was President Donald Trump , followed by President of China, Xi Jinping .

US Supreme Court allows Trump's travel ban to take full effect
The administration has appealed both decisions to federal appeals courts in Seattle and Richmond, Va. Protesters gather at a rally against the travel ban in Washington , DC, on October 18, 2017.

Poundland owner's shares collapse following chief executive resignation and accounting probe
It is not clear if these are the accounting irregularities Steinhoff is referring to in its latest statement. Shares in the firm tumbled over 60% in South Africa on Wednesday as investors digested the news.

Virat Kohli and Anushka Sharma to get married in Italy next week
When contacted, Anushka's spokesperson said, "There is absolutely no truth to it (rumours of marriage)". A news channel has reported that the long-time couple were planning a wedding bash in Italy this month.