GO Keyboard, a really popular Android keyboard app was caught collecting user data and downloading and running code from a third-party server.
The discovery was made by engineers at AdGuard, a provider of ad-blocking technology. AdGuard said they noticed suspicious requests while analyzing the app's web traffic following its installation.
The company was looking into GO Keyboard's behavior after an incident with another custom keyboard, TouchPal, that started showing ads over the typing area this past July.
While investigating GO Keyboard for similar intrusive ads, AdGuard says it detected the app collecting a large amount of data from the device right after installation and sending it to a remote server.
"GO keyboard reports to its servers your Google account email in addition to language, IMSI, location, network type, screen size, Android version and build, device model, etc.," said Andrey Meshkov, AdGuard co-founder.
Meshkov found that the app also communicates with dozens of third-party trackers and ad networks.
Collecting user data without user consent and downloading and executing code from a third-party server (bypassing the app review process) — is forbidden for apps uploaded on the Google Play Store.
AdGuard says it informed Google of the app's behavior, but at the time of their investigation publication, the Google team had not answered their report.
The discovery was made by engineers at AdGuard, a provider of ad-blocking technology. AdGuard said they noticed suspicious requests while analyzing the app's web traffic following its installation.
While investigating GO Keyboard for similar intrusive ads, AdGuard says it detected the app collecting a large amount of data from the device right after installation and sending it to a remote server.
"GO keyboard reports to its servers your Google account email in addition to language, IMSI, location, network type, screen size, Android version and build, device model, etc.," said Andrey Meshkov, AdGuard co-founder.
Meshkov found that the app also communicates with dozens of third-party trackers and ad networks.
Collecting user data without user consent and downloading and executing code from a third-party server (bypassing the app review process) — is forbidden for apps uploaded on the Google Play Store.
AdGuard says it informed Google of the app's behavior, but at the time of their investigation publication, the Google team had not answered their report.
0 comments:
Drop your comments and share your thoughts...