AI.type Keyboard App Leaks 31 Million Users’ Personal Data

AI.type Keyboard App Leaks 31 Million Users’ Personal Data

We may earn a commission for purchases made using our links.

Third-party keyboards are really popular on Android, and there’s a good reason. Not only do they tend to offer more features over the stock keyboard shipping on most smartphones, but in some cases, they provide better auto-correct and prediction technology than the first-party alternatives. But some third-party keyboards collect personal data in order to improve their features, which makes them an attractive target for attackers. Case in point: popular Android keyboard AI.type leaked the personal data for more than 31 million users because it allegedly didn’t protect one of its online databases with a password.

AI.type has quite a following on the Play Store. The free version of the application alone has managed to amass between 10,000,000 – 50,000,000 installs and it’s maintained a respectable average review rating of 4.2 stars. But as security researchers at Kromtech Security Center recently discovered, AI.type has not been adequately protecting its databases.

In the course of an weeks-long investigation, Kromtech Security Center discovered that a misconfigured MongoDB database allowed them to access data from nearly 31 million users. It totaled more than 577 gigabytes in size and contained information including users’ full names, a list of applications installed on the phone, email addresses, precise location (including city and country), and how many days users have had the application installed.

Interestingly, the free version of AI.type was found to have collected more data than the paid version. More specifically it collected device IMSI and IMEI numbers, device makes and models, phone screen resolutions, phone numbers, the names of cell phone providers, IP addresses, internet providers, and Android version numbers.

Researchers had attempted to contact the company behind AI.type on multiple occasions but it wasn’t until this past weekend that they finally acknowledged it. AI.type says it has now secured the database, and that the leak didn’t impact AI.type’s nine million iOS users.

Source: Kromtech Security Center