GO Keyboard is spying on millions of users according to researchers

  • Thread starter Siva
  • Start date
  • Replies: Replies 0
  • Views: Views 618

Siva

Staff member
Community Manager
Joined
20 Jul 2014
Messages
7,015
Solutions
4
Reaction score
12,495
Security researchers are warning Android owners that your keyboard may be spying on you. Researchers from Adguard say that two variants of Go Keyboard are sending personal information to remote servers and executing unauthorized code on devices. Go Keyboard is developed by the Chinese GOMO Dev Team.

The two versions of the keyboard are listed in the Google Play Store as “GO Keyboard – Emoji keyboard, Swipe input, GIFs” and “GO Keyboard – Emoticon keyboard, Free Theme, GIF“. The keyboards each have between 100k and 500k downloads, and are rated at 4.5 and 4.4 stars respectively.
Adguard decided to look into traffic associated with keyboards after the Touchpal keyboard was caught displaying ads on HTC phones earlier this year. Researchers determined that the GOMO team was collecting sensitive information including the email address associated with your Google Play Store account, network type, screen size, Android version, and build number. Additionally, the apps communicate with tracking networks and execute code from a remote server. Some of the downloaded plugins are marked as adware by multiple anti-virus programs.

Collecting the email address associated with your Google Play login and executing code on your device from a source outside of the Google Play Store are both violations of the Malicious Behaviors section of the Developers Policy Center. Here are the two policies its violating with these actions:
  • Apps that steal a user’s authentication information (such as usernames or passwords) or that mimic other apps or websites to trick users into disclosing personal or authentication information.
  • Apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play.
As worrying as the GOMO team’s behavior currently is, the real danger is if it decides to track everything you type. We use keyboards on our devices to type in sensitive information like passwords, bank account numbers, social media log-ins, and phone numbers. At the whim of the developers, all of this could be tracked and sent back to a remote server.

Adguard has passed its findings onto Google and is awaiting a response. It sums up its findings with this warning.
Whatever their decision is, we find this behavior unacceptable and dangerous. Having 200+ Million users does not make an app trustworthy. Do not blindly trust mobile apps and always check their privacy policy and what permissions do they require before the installation.​
GO Keyboard is spying on millions of users according to researchers
 
Back
Top Bottom
AdBlock Detected

We get it, advertisements are annoying!

Sure, ad-blocking software does a great job at blocking ads, but it also blocks useful features of our website. For the best site experience please disable your AdBlocker.

I've Disabled AdBlock