Back to Blog

31 million Android users’ personal data exposed thanks to an insecure keyboard app

December 6, 2017

By: Sikur

Capturar

by Vaughn Highfield

6 Dec 2017

Users of an incredibly popular Android keyboard app have been left exposed in a new data leak

Other than the worry that a dodgy keyboard app could be logging your every keystroke and sending it off to some suspect third-party, you’d hope something as straightforward as typing was worry free. Unfortunately not, as an incredibly popular keyboard app has just suffered at the hands of a mammoth data breach all because it wasn’t storing personal user information on a secure server.

The app, AI.type, stored its data on a server owned by company co-founder Eitan Fitusi. The server held user information, including personal records, totalling over 577 gigabytes of sensitive data including names, emails and how long the app had been installed. The data also contained information around user’s precise location, including city and country.

Bizarrely, only Android users are affected by the breach, presumably because iOS user information is stored on a separate server database.

The data breach was discovered by security researchers Kromtech Security Centre and then corroborated by ZDNet. Interestingly, Fitusi has repaired the security lapse but hasn’t issued a statement around the information breach beyond acknowledging that it had happened.

Users on the free version have more data farmed from their usage than that of the paid version – a statement made clear in its privacy policy. This data is then monetised through advertising, but it was also stored on the insecure server, linked to individual users. It also contained seemingly useless information such as each user’s IMSI and IMEI device number – which are unique numbers to identify a phone on the global network and one to identify it on a particular network – alongside make and model information, screen resolution and even the version of Android it’s running.

MORE: http://www.alphr.com/security/1007893/31-million-android-users-personal-data-exposed-thanks-to-an-insecure-keyboard-app

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.