Keyboard for Android exposes data of 31 million users

If you use or have already downloaded the keyboard AI.type, it’s good to take care of: their personal data may have been exposed by a leak of the database of the application, which was stored on a server without a password (!).

The virtual keyboard has been downloaded over 40 million times, and it is estimated that 31 million users were exposed. It offers custom themes, multiple language support, swipe, calculator, and tip of emojis.

Despite having versions for Android and iOS, only the information of the Android users have been exposed. Are more of 577 GB of data, which include at least the following information:

  • full name
  • e-mail address
  • location, including city and country
  • there are how many days the application was installed
  • screen resolution
  • messages sent per day, per session, and age of the users

The privacy policy of the AI.type free, that collects more data than the paid version, still express that the application has permission to store the IP address along with its location obtained by the network, contacts list, text messages, IMEI, list of installed applications, and other “behavioral data”.

The ZDNet had access to a part of the database and has confirmed the record of this sensitive information, in some cases. The site also found that other information was also exposed, such as the telephone number, name of carrier and provider of internet in the Wi-Fi. Some records also show detailed information from the public profile on Google, such as date of birth, gender and profile photos.

Is quite worrying that the data stored for a keyboard to be exposed because, well, he knows everything that you type. In spite of the AI.type show on their web site that any character typed is encrypted, ZDNet discovered a table with 8.6 million records of text that were typed by the keyboard, including phone numbers, search terms, email addresses and their corresponding passwords (!!).

The case is a warning for the use of third-party keyboards on Android, you have access to absolutely everything that you type. On the iPhone, I’m still using SwiftKey, bought by Microsoft, but the default keyboard of Apple always appears when it is necessary to enter any password. Now, I see that it is a necessary measure.

With information: Kromtech Security Center.

Keyboard for Android exposes data from 31 million users

Leave a Reply