- Joined
- 20 Jul 2014
- Messages
- 7,083
- Solutions
- 4
- Reaction score
- 12,659
Security researchers are warning Android owners that your keyboard may be spying on you. Researchers from Adguard say that two variants of Go Keyboard are sending personal information to remote servers and executing unauthorized code on devices. Go Keyboard is developed by the Chinese GOMO Dev Team.
The two versions of the keyboard are listed in the Google Play Store as “GO Keyboard – Emoji keyboard, Swipe input, GIFs” and “GO Keyboard – Emoticon keyboard, Free Theme, GIF“. The keyboards each have between 100k and 500k downloads, and are rated at 4.5 and 4.4 stars respectively.
Adguard decided to look into traffic associated with keyboards after the Touchpal keyboard was caught displaying ads on HTC phones earlier this year. Researchers determined that the GOMO team was collecting sensitive information including the email address associated with your Google Play Store account, network type, screen size, Android version, and build number. Additionally, the apps communicate with tracking networks and execute code from a remote server. Some of the downloaded plugins are marked as adware by multiple anti-virus programs.
Collecting the email address associated with your Google Play login and executing code on your device from a source outside of the Google Play Store are both violations of the Malicious Behaviors section of the Developers Policy Center. Here are the two policies its violating with these actions:
Adguard has passed its findings onto Google and is awaiting a response. It sums up its findings with this warning.
The two versions of the keyboard are listed in the Google Play Store as “GO Keyboard – Emoji keyboard, Swipe input, GIFs” and “GO Keyboard – Emoticon keyboard, Free Theme, GIF“. The keyboards each have between 100k and 500k downloads, and are rated at 4.5 and 4.4 stars respectively.
Adguard decided to look into traffic associated with keyboards after the Touchpal keyboard was caught displaying ads on HTC phones earlier this year. Researchers determined that the GOMO team was collecting sensitive information including the email address associated with your Google Play Store account, network type, screen size, Android version, and build number. Additionally, the apps communicate with tracking networks and execute code from a remote server. Some of the downloaded plugins are marked as adware by multiple anti-virus programs.
Collecting the email address associated with your Google Play login and executing code on your device from a source outside of the Google Play Store are both violations of the Malicious Behaviors section of the Developers Policy Center. Here are the two policies its violating with these actions:
- Apps that steal a user’s authentication information (such as usernames or passwords) or that mimic other apps or websites to trick users into disclosing personal or authentication information.
- Apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play.
Adguard has passed its findings onto Google and is awaiting a response. It sums up its findings with this warning.
Whatever their decision is, we find this behavior unacceptable and dangerous. Having 200+ Million users does not make an app trustworthy. Do not blindly trust mobile apps and always check their privacy policy and what permissions do they require before the installation.
GO Keyboard is spying on millions of users according to researchers