Ai.type – the virtual keyboard app for Android has suffered a massive data breach. The company database was discovered unprotected online, exposing the names, phone numbers, locations and Google queries of its 31 million users. This discovery has again raised questions about the unacceptable and ridiculous amount of data that Android apps request and harvest from their users.
The security researchers who discovered leak (Kromtech Security Centre) have revealed that the leaked information includes:
- Telephone numbers,
- Full name of the owner,
- Device name and model,
- Mobile network name,
- SMS number,
- Screen resolution,
- User languages enabled,
- Android version,
- IMSI number (international mobile subscriber identity used for interconnection),
- IMEI number (a unique number given to every single mobile phone),
- Emails associated with the phone,
- Country of residence,
…And most disturbing of all:
- Information associated with the users social media profiles (birthdate, title, email addresses etc.)
- Photos (links to Google+, Facebook etc.),
- IP address (if available),
- Physical location details (long/lat).
Right now the quality of apps on the Google Play Store means your only choice is do you or don’t you want to install it. If you do install apps then you have accept all the terms and conditions often without realising exactly what they entail. In this situation, the amount of data being sent to an unknown uncontrollable server is staggering. To harvest full name, phone number, email address, device name, screen resolution, model details along with so much more personal info as well as users entire contacts list is just NOT NEEDED for an app.
A really major point here is that when you download a new cute keyboard for your phone, you don’t realise that you are giving the app the right and the ability to record everything you type while you are using it – that means, message contents, usernames, email addresses, banking account information and passwords.