Skip to content

December 6, 2017

AI.type virtual keyboard leaks personal data for 31 million Android users

by John_A

Yeah, this isn’t good.

Third-party keyboards on Android have been tremendously popular for years, and one of the biggest ones – AI.type – recently had personal data leaked online for 31 million people that have downloaded it according to Kromtech Security Center. Seeing as how that’s 77.5% of AI.type’s 40 million global users, there’s a good chance your data is at stake if you use or have used the app in the past.

How in the world did this happen?

AI-Type-keyboard_0.JPG?itok=tViD92Eg

AI.type’s main server is owned and run by Co-Founder Eitan Fitusi, and despite having over 577GB worth of user data on it, the server wasn’t protected by any sort of password. Only personal data for Android users is apparently stored, and while Fitusi has since secured the server, it clearly wasn’t done fast enough.

According to ZDNet, personal data that’s been leaked includes the following:

  • Full name of users
  • Email addresses
  • Phone numbers
  • Cell phone service provider name
  • IP address
  • ISP name
  • Info from Google accounts (DOB, photos, gender)
  • City and country of residency
  • IMSI and IMEI numbers
  • Make/model of device(s) app was installed on

Users of the free version of AI.type appear to have more data collected than those that opted for the paid version, and this is something that AI.type consciously does per its privacy policy as a way to make money with more personalized ads.

Users of the free version of AI.type are at a greater risk.

Along with the leak, we also get to see that AI.type might not have been so truthful with claims of its users’ privacy being its “main concern.”

Text entered using AI.type is recorded and then saved for an undisclosed amount of time and emails, passwords, and other sensitive information are saved by those using the keyboard despite AI.type claiming to “never share your data or learn from password fields.”

Speaking to ZDNet, Head of Communications at Kromtech Security Center, Bob Diachenko, said:

Theoretically, it is logical that anyone who has downloaded and installed the Ai.Type virtual keyboard on their phone has had all of their phone data exposed publicly online. This presents a real danger for cyber criminals who could commit fraud or scams using such detailed information about the user.

In other words, if you’ve ever used AI.type, you have reason to be concerned right now.

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: