AI.Type unsecured server said to cause the leak and affect only Android users but now it is secured.
Yet another dodgy Android app is found by security researcher at the Kromtech Security Center. The app is said to be leaking personal data belonging to over 31 million customers. This app was allegedly not keeping its promise of privacy, as outlined on their website. The text user enters using the app is not encrypted. As the researchers found a table containing 8.6 million entries of entered text by the user and could read it.
It is all done by the popular virtual keyboard app named AI.type from Tel-Aviv, used by both Android and iOS users across 40 million devices. If such an app cannot keep our data safe then who can? Who to trust? It is a point of debate.
See Also: Best Android Antivirus Apps 2017
What All Platforms Were Affected?
As per reports only the Android version is affected. So, iOS users can relax and use the app. It was found that the app was extracting personal data from users and storing it on an unsecured database server by the app’s co-founder Eitan Fitushi.
After the data leak of 577 GB was reported, Fitushi has claimed that the server is now secured.
An open server is a treasure trove for cybercriminals who earn profits by selling user data. It gives access to unlimited data ranging from full names, e mail address, location and all other important information.
According to the Kromtech Security Center, AI.type server was using a Mongo hosted database, that is used by many companies to store data. But a simple misconfiguration can lead to disaster and expose all the stored data online. Therefore, one needs to be cautious.
Also, security researcher Bob Diachenko from Kromtech Security Center have noted that more data is collected by Free version of the app compared to paid. The reason can be as the former is involved in monetization. Not only this some records have more detailed information like user device location, IMEI and IMSI number of the device, model number and the Android version used by the user.
Where Does The Problem Lie?
Now, it’s worth pointing that a virtual keyboard app stores, more information than required. To use free version of an app we provide all the information asked by the app without even noticing whether it is required or not.
Bob Diachenko said: “It raises the question of why would a keyboard and emoji application need to gather the entire data of the user’s phone or tablet? Based on the leaked database they appear to collect everything from contacts to keystrokes. This is a shocking amount of information on their users who assume they are getting a simple keyboard application.”
Such incidents of data breach are worrying if well-known app like AI.type Keyboard cannot be trusted then who can be? Does this mean that we need to console ourselves to stick with default keyboards for the time being or is there any other solution?