Android keyboard app leaks personal information about 31 million users
A report published today by the Kromtech Security Center reveals that 31,293,959 users of a Android keyboard app called AI.type have had their personal data stolen and leaked on the internet. 577GB of data was outed thanks to the lack of password protection for the app's database server. The app, which was launched in 2010, was downloaded about 40 million times from the Google Play Store. According to the report, in addition to the 31.2 million users affected by the leak, another database was found containing an additional 753,456 users.
The information contained in the database included client registration data. This data revealed the name of the phone that the app was downloaded on, the device's unique IMEI number, the mobile network that the phone runs on, the name of the phone's owner, resolution of the phone's screen, SMS number, information from social media profiles including birthdates, email addresses, photos and more. Other information leaked included the names of apps downloaded on users' phones.
The app, created by Eitan Fitusi, has a free version that collects more personal data than the paid version, which is monetized by ads. AI.type says that its main concern is user privacy, and that text written using the keyboard is encrypted. But ZD.Net says that it found signs that text typed on the app is recorded and kept by the company. And it wasn't until ZD.Net attempted to get in touch with developer Fitusi that the database was secured.