Android users must uninstall this app immediately or risk getting ripped off

Android users must uninstall this app immediately or risk getting ripped off
The other day we told you about malware that keeps reinstalling itself on Android phones even after a factory reset. Today, we have a story about a typing app once found in the Google Play Store called ai.type. Installed over 40 million times, the app has been making purchases of premium digital content without permission from the phone's owner. Besides making these purchases, the app runs ads in the background and produces fake clicks to help bad actors generate revenue. It also sends to ad networks data containing real views, real clicks and real purchases. Security firm Upstream notes that the app has caused problems in 13 countries with those in Egypt and Brazil particularly vulnerable.

The Upstream Secure-D mobile security platform (the same security platform that blocked unauthorized premium purchase requests coming from the Snaptube video app), prevented 14 million suspicious transactions related to ai.type from going through. These requests were made from only 110,000 devices that had installed ai.type. Had they not been blocked by Secure-D, these bogus premium purchases would have cost Android users over $18 million in unauthorized transactions.

This app sent out verifying texts confirming subscriptions to premium content without the knowledge of the victim


The app, developed by an Israeli company called ai.type LTD, bills itself as a free emoji keyboard. And even though it was removed from the Google Play Store in June, it still remains on millions of Android devices. Not that long after it was booted from the Play Store, Secure-D spotted a surge in suspicious activity that peaked near 400,000 such events a day in August. Upstream suggests that anyone who installed the app on their phone check the device for unusual behavior. They should also go over their phone bills, looking for unauthorized or unknown premium charges. Additionally an increase in data consumption can also be the sign of a malware-laden app.

Explaining how this app is a threat to phone owners, Dimitris Maniatis, the head of Secure-D at Upstream, states that "ai.type contains software development kits (SDKs) with hardcoded links to ads and subscribes users to premium services without their consent. These SDKs navigate to the ads via a series of redirections and automatically perform clicks to trigger the subscriptions." Maniatis explains why users might not even notice that something is wrong by pointing out that "this is committed in the background so that normal users will not realize it is taking place. In addition, the SDKs obfuscate the relevant links and download additional code from external sources to complicate detection even from sophisticated analysis techniques. Bottom line: innocent users are paying for these hidden, unauthorized purchases and related data consumption whose source is buried in the app."


According to Upstream CEO Guy Krief, mobile advertising fraud is a $40 billion a year market. In any given region, he says that one in ten devices can be infected. Krief also points out that these apps are hard to spot and because they "(dress) up to appear as legitimate and often popular applications, undetected malware damages the industry’s reputation, leaving mobile operators and their customers to pick up the tab." With that in mind, ai.type has disguised itself as other apps including Soundcloud.


Images published by Upstream showed verification texts sent from infected phones without the knowledge of the handset's owner. These messages show how victims can find themselves on the hook for premium subscriptions that can charge users daily running up quite a bill. Upstream explains that virtual keyboard apps typically require high-level permissions and ai.type wanted permissions to text messages, photos, videos, contact data, and access to on-device storage. Secure-D considers this to be "dangerous" because it allows the app to read user’s contacts’ data, read or write to the phone’s external storage, gain access to the list of existing accounts on the device, and allows the app to record audio.

If you have ai.type on your Android phone, delete it immediately. There are other keyboard apps from the same developer including one for tablets, and lite and plus versions of the keyboard. Frankly, why take the risk? We'd stay away and uninstall all of them at this point.

FEATURED VIDEO

14 Comments

1. JCASS889

Posts: 594; Member since: May 18, 2018

Anyone with half a brain would never download these apps.

9. ahmadkun

Posts: 649; Member since: May 02, 2016

Bro.. people should download whatever they like .. you can’t blame them, let’s just be honest that google can’t protect their users.

10. miketer

Posts: 535; Member since: Apr 02, 2015

You're absolutely right.

15. NOLATechie

Posts: 12; Member since: Apr 28, 2015

Don't put full blame on Google, the same types of apps are appearing in the Apple App store. We consumers have to take some responsibility into our own hands and realize that not all apps are safe and we need to use good judgement about downloading them to our devices. Google and Apple can only do so much. But I agree they both need to do a bit more on scanning these apps before allowing them into the app stores.

13. Back_from_beyond

Posts: 1459; Member since: Sep 04, 2015

Once upon a time ai.type was actually one of the better third party keyboard apps. They screwed that up when they you had to opt in on sharing user data and it fell from grace.

2. JCASS889

Posts: 594; Member since: May 18, 2018

All these people are doing is targeting children to get them infected with malware, this is why people under a certain age should only have access to certain things on the internet.

3. gazmatic

Posts: 822; Member since: Sep 06, 2012

Google always has malware on its store. Bruh.

4. NarutoKage14

Posts: 1339; Member since: Aug 31, 2016

Google needs to step up it's app vetting process. This is just getting ridiculous. If all these malware apps were being found only in 3rd party, unpoliced stores it would be one thing but they have been running in the play store recently.

5. sirohunter

Posts: 209; Member since: Sep 23, 2017

Another day, another malware-loaded android app. #nohate #happyhalloween

6. Vancetastic

Posts: 1698; Member since: May 17, 2017

Why does anyone need an emoji keyboard? There's emojis on keyboards already as far as I know.

7. JCASS889

Posts: 594; Member since: May 18, 2018

They target kids with zero knowledge of internet based threats, Google really needs to fix this issue and kids need to be controlled on what they can do online.

8. tbreezy

Posts: 115; Member since: Aug 11, 2019

Lol, where in this does it talk about kids? :’D please stop making excuses.

14. Vancetastic

Posts: 1698; Member since: May 17, 2017

I guess they also target people with zero knowledge of keyboards.

11. Ashoaib

Posts: 3309; Member since: Nov 15, 2013

Isreal is a master of spying. Any app originating from Israel can be a potential spying tool. And the Americans are busy bad naming Huawei.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.