Home / Uncategorized / Lazy keyboard security Ai.Type filters millions of user data

Lazy keyboard security Ai.Type filters millions of user data

Virtual keyboards are perhaps one of the strangest and often underestimated types of software on today's mobile devices. On the one hand, it is easy to take them for granted because they are just on-screen keyboards. On the other hand, everything you write, including confidential information such as passwords and credit card details, goes through them. With such power, keyboard developers must also assume a great responsibility. Unfortunately, a "popular" keyboard with the name of Ai.Type did not believe it, filtering more than 31 million user data simply because it did not protect its own database with a password.

As the name implies, Ai.Type is a keyboard that promises to take advantage of the latest buzzwords to improve the user experience. It boasts of having more than 40 million users worldwide, both in Android and iOS, a fact that is confirmed ironically by this massive filtering. Unfortunately for Android users of those 40 million, almost all of their personal information has been uploaded into the Ai.Type database and, consequently, is potentially stolen by a hacker.

It is not unusual for third-party keyboards to request access to different parts of the operating system. Android and iOS warn users of the risk of using such keyboards. But Ai.Type seems to have made an extra effort and requires permissions for anything and everything available on your Android device. Given the amount of facilities that your Play Store page says it has, many users accepted such a thing.

Unfortunately, the developers did not go the extra mile to protect their own database. It is very easy for anyone with knowledge of piracy to access almost 580 GB of user data. That big bundle includes everything from the email address, phone number and telemetry of the device to contacts, location, birthdays and everything that was typed through the keyboard, including passwords. To make matters worse, the data was not encrypted at all, contrary to the privacy policy of the company.

Therefore, on the one hand, you have a developer who did not even take the most basic precautions to ensure the security of your own database. On the other hand, it also has a developer who has collected many more data than he needs and in a way that violates his own policies. It is a lose-lose situation for users, and the company based in Tel Aviv, as expected, has kept quiet.


Source link

Leave a Reply