31 million Android users’ personal data exposed thanks to an insecure keyboard app


by Vaughn Highfield

6 Dec 2017

Users of an incredibly popular Android keyboard app have been left exposed in a new data leak

Other than the worry that a dodgy keyboard app could be logging your every keystroke and sending it off to some suspect third party, you’d hope something as straightforward as typing was worry-free. Unfortunately not, as an incredibly popular keyboard app has just suffered a mammoth data breach, all because it wasn’t storing personal user information on a secure server.

The app, AI.type, stored its data on a server owned by company co-founder Eitan Fitusi. The server held user information, including personal records, totalling over 577 gigabytes of sensitive data including names, emails and how long the app had been installed. The data also contained information about users’ precise location, including city and country.

Bizarrely, only Android users are affected by the breach, presumably because iOS user information is stored on a separate server database.

The data breach was discovered by security researchers Kromtech Security Centre and then corroborated by ZDNet. Interestingly, Fitusi has repaired the security lapse but hasn’t issued a statement around the information breach beyond acknowledging that it had happened.

Users on the free version have more data farmed from their usage than those on the paid version – a point made clear in the app’s privacy policy. This data is then monetised through advertising, but it was also stored on the insecure server, linked to individual users. It also contained seemingly useless information such as each user’s IMSI and IMEI numbers – unique numbers, one to identify a phone on the global network and one to identify it on a particular network – alongside make and model information, screen resolution and even the version of Android the device is running.

MORE: http://www.alphr.com/security/1007893/31-million-android-users-personal-data-exposed-thanks-to-an-insecure-keyboard-app
