'Reckless' Android keyboard developer leaks personal data of 31 million users

Personal data of 31,293,959 users of a popular virtual keyboard app, ai.type, has leaked online due to a misconfigured MongoDB database. He said it contained secondary information that was "mostly statistical behavior information, about user use patterns of the keyboard".

Now it's worth pointing out that the ai.type Keyboard app does note that it'll suck up data and requires permissions to the user's mobile contacts database, though it points out that "all information is locally stored on smartphone's vocabulary". Each record also included a user's precise location, including their city and country. While it promises to keep the content "encrypted and private", the company failed to even secure the database.

While the personalization features offered by ai.type certainly require a certain amount of data to be collected about users, questions have been raised about just how far-reaching this data collection has been.

While many of those details amount to basic records, the database also housed records that revealed more sensitive information about users.

The boss of the Israeli company behind the app admitted the breach but said most of the data was not sensitive. There is no confirmation that malicious actors had accessed the data, though "theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", said Bob Diachenko, head of communications at Kromtech Security Center.

The app, available for both Android and iOS, has a free version which, per its privacy policy, collects more data than the paid version; the company uses that data to monetize through advertising.

"This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user".

Recent data breaches have shown that access to personal data at the time of installing apps should be given only if it is relevant for the app.

More complete records also include the device's IMSI and IMEI number, the device's make and model, its screen resolution, and the device's specific Android version. If the user's device was connected to a Wi-Fi network, the app also leaked the IP address of the device and the internet provider of the network.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures. In particular he denied that IMEI information was collected, said the collected geo-location data was not accurate, and pointed out that user behavior data was only collected from ads that were clicked.

"It is clear that data is valuable and everyone wants access to it for different reasons", he said.

"This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices", says Alex Kernishniuk, vice president of strategic alliances at Kromtech, which helped to uncover the leak. However, he outlined that most of the data was not sensitive.
