Virtual Keyboard App Reveals Data Of 31m Android Users

Popular Keyboard App with Tens of Millions of Downloads Leaks Data of Its 31 Million Users

Third-party Android and iOS keyboard ai-type is at the center of something of a privacy nightmare after a misconfigured database leaked the personal details of more than 31 million of its users.

The database, which appeared to contain information exclusively from Android users, belonged to AI.type co-founder Eitan Fitusi.

Considering the unsecured database was accessed by malicious actors or hackers who are always on the prowl, those mobile device user who downloaded the Ai.Type virtual keyboard app have had all of their phone data exposed publicly online.

While it may have tens of millions of users all over the world, the app's developers failed to protect the database with a password, enabling anyone to access this database that is over 577 GB heavy.

Worst of all, researchers claimed the app stored - and uploaded to the insecure server - text entered into the keyboard, such as phone numbers, private and sensitive information, web search terms, emails addresses and their corresponding passwords.

The records themselves contain each user's full name, email address, how long they have had the app installed as well as precise details on their exact geographical location. The records also included the user's location set by Global Positioning System, including their city and country. Those that logged into the app using a Google profile also had their information scraped, revealing email addresses, dates of birth, gender and even profile photos.

Fitusi who acknowledged the breach has secured the server since the news went public but did not respond to any questions. Every single successful cyber-attack or developers failing to secure cloud data exposes millions of credentials and personal details of users, but many mobile phone users are not aware of such risks.

It seems that users who downloaded the freemium version of Ai.type had more data exposed than those with the paid version as the free one collects more information from devices.

AI.type says on its website that user's privacy 'is our main concern'.

For users who are anxious they may have typed a password or other sensitive information while using the app, there is little recourse as it's impossible to know for sure if that data was recorded and exposed. "This also exposed just how much data they access and how they obtain a treasure trove of data that average users not do expect to be extracted or data-mined from their phone or tablet".

"This presents a real danger for cybercriminals who could commit fraud or scams using such detailed information about the user", Diachenko added.

"It is clear that data is valuable and everyone wants access to it for different reasons", he said. Bob Diachenko, head of communications at Kromtech Security Center, wonders if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices. "Some want to sell the data they collect, others use it for targeted marketing, predictive artificial intelligence, and cyber criminals want to use it to make money in more and more creative ways".



Other news