Published: Thu, December 07, 2017
Sci-tech | By Carrie Guzman

Should You Change Your Password? AI.Type Keyboard App Leaks Personal Information

Should You Change Your Password? AI.Type Keyboard App Leaks Personal Information

Speaking to the BBC, however, ai.type's founder and chief executive, Eitan Fitusi, referred to the leaked database as "a secondary database", and denied the scale of exposed data was as high as claimed.

"Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online", warned Diachenko.

Recent data breaches have shown that access to personal data at the time of installing apps should be given only if it is relevant for the app.

Perhaps most troubling for users of AI.type was the discovery of more than 8.6 million text entries that contained information typed on the keyboard app.

It shouldn't come as a shock to anyone since keyboard apps usually come with a warning that they may be able to collect "everything" you type. "This is a shocking amount of information on their users who assume they are getting a simple keyboard application", he said.

While AI.type says the database has since been secured, the report is still incredibly damning, specifically relating to the app's collection of seemingly critical information.

Delta, American Airlines place restrictions on smart bags
American Airlines announced its ban on December 1, and other airlines have followed, including Alaska Airlines and Delta. Smart bags contains Global Positioning System tracking devices and USB ports to charge smartphones and other devices.

So pretty much the promise of privacy, which ai.type outlines on its website has appeared to have a strong whiff of BS.

ZDNet obtained a portion of the database to verify. Leaked records as per Kromtech Security, also had a range of other statistics like the most popular users' Google queries for different regions. Android users who install the free version of the app might be scared away by an alert that says the keyboard may collect "all the text you type", including passwords and credit card numbers. Every single successful cyber-attack or developers failing to secure cloud data exposes millions of credentials and personal details of users, but many mobile phone users are not aware of such risks. It also reflects how much information app developers are collecting from users without letting such users know what they intend to do with such data. Accompanying the numbers were the make and model of the device, its screen resolution and the version of Android it was running. Bob Diachenko, head of communications at Kromtech Security Center, wonders if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.

ZDNet said it also found several tables of contact data uploaded from a user's phone, one with 10.7 million email addresses and another with 374.6 million phone numbers.

A large portion of the records also included the user's phone number and the name of their cell phone provider, and in some cases their IP address and name of their internet provider if connected to Wi-Fi.

For reasons now unclear, some of the leaked information is reported to also include details linked to Google profiles, such as birth dates, genders, and profile pictures.

"This is once again a wakeup call for any company that gathers and stores data on their customers to protect, secure, and audit their data privacy practices", says Alex Kernishniuk, vice president of strategic alliances at Kromtech, which helped to uncover the leak. However, he outlined that most of the data was insensitive.

Like this: