Stories
Slash Boxes
Comments

SoylentNews is people

Security Researchers Warn that GO Keyboard is Spying on Millions of Android Users

posted by martyb on Sunday September 24 2017, @08:40AM   Printer-friendly
from the Go-Fish! dept.

MrPlow writes:

Submitted via IRC for SoyCow8963

Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code."

Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information.

[...] Within the app description, the developers say:

PRIVACY and security
We will never collect your personal info including credit card information. In fact, we cares for privacy of what you type and who you type! [sic]

But Adguard points out that this is contradicted by the company's privacy policy. In addition to this, GO Keyboard shares personal information right after installation, communicates with dozens of tracking servers, and has access to sensitive data on phone. Adguard concedes that this is fairly typical for modern apps, but goes on to say that the app violates Google Play policies.

The apps in question are:

Source: https://betanews.com/2017/09/21/go-keyboard-spying-warning/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Security Researchers Warn that GO Keyboard is Spying on Millions of Android Users | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by c0lo on Sunday September 24 2017, @09:45AM (9 children)

    by c0lo (156) Subscriber Badge on Sunday September 24 2017, @09:45AM (#572269) Journal

    TFA actually provide an important info, you may want to insert it into TFS:

    GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as...
    [currently missing from TFS] "using a prohibited technique to download dangerous executable code."

    That is: it spies to you now, it may do other nastinies to you at any time the authors (or their masters) want.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Moderation   +2  
       Informative=2, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 2) by MostCynical on Sunday September 24 2017, @10:34AM (7 children)

    by MostCynical (2589) on Sunday September 24 2017, @10:34AM (#572277) Journal

    But other apps do that, too. They call it an "update"

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex

    • (Score: 2) by c0lo on Sunday September 24 2017, @11:33AM (6 children)

      by c0lo (156) Subscriber Badge on Sunday September 24 2017, @11:33AM (#572280) Journal

      But other apps do that, too. They call it an "update"

      Should we blame Google then for allowing "prohibited technique"s in their playground?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

      • (Score: 2) by MostCynical on Sunday September 24 2017, @11:44AM (5 children)

        by MostCynical (2589) on Sunday September 24 2017, @11:44AM (#572283) Journal

        Onły if they claim to vet every app on their platform.
        I can't find any poof tbey do claim that. They "review" apps (likely after the app borked someone's phone or tablet), but I fan't find evidence they check every app.

        --
        "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex

        • (Score: 2) by c0lo on Sunday September 24 2017, @11:57AM (4 children)

          by c0lo (156) Subscriber Badge on Sunday September 24 2017, @11:57AM (#572284) Journal

          So how they "prohibit technique"s?

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

          • (Score: 2) by Wootery on Monday September 25 2017, @12:09PM (3 children)

            by Wootery (2341) on Monday September 25 2017, @12:09PM (#572620)

            There's no contradiction here. It might be a policy to ban an app if it turns out to be using this hack, even if they don't make a proactive effort to check for apps that do it.

            • (Score: 2) by c0lo on Monday September 25 2017, @12:46PM (2 children)

              by c0lo (156) Subscriber Badge on Monday September 25 2017, @12:46PM (#572631) Journal

              if it turns out to be using this hack

              Exactly... what hack? How's this hack different from a normal app update?
              Where's the definition that makes a distinction between "normal update" and "hackish prohibited technique"?

              --
              https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

              • (Score: 2) by Wootery on Monday September 25 2017, @01:01PM (1 child)

                by Wootery (2341) on Monday September 25 2017, @01:01PM (#572641)

                TFA says

                found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code."

                So whether they're breaking Google's rules (on properly informing the user, say) or exploiting a 'proper' security flaw in the Android codebase, I don't think we can definitively say, though I suspect from the phrasing that it's the latter.

                If it's the former, then the definition is a matter of policy. If the latter, it's something that could be detected with dynamic program analysis.

                • (Score: 2) by c0lo on Monday September 25 2017, @01:15PM

                  by c0lo (156) Subscriber Badge on Monday September 25 2017, @01:15PM (#572643) Journal

                  You see, this thread-end is set in the context of MostCynical's

                  But other apps do that, too. They call it an "update"

                  With me asking for further details ('cause assumption and guesses... I can generate myself aplenty)

                  --
                  https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

  • (Score: 2) by martyb on Monday September 25 2017, @12:09AM

    by martyb (76) Subscriber Badge on Monday September 25 2017, @12:09AM (#572489) Journal

    TFA actually provide an important info, you may want to insert it into TFS:

    GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as...
    [currently missing from TFS] "using a prohibited technique to download dangerous executable code."

    That is: it spies to you now, it may do other nastinies to you at any time the authors (or their masters) want.

    Ooooops! Right you are... and... fixed!

    --
    Wit is intellect, dancing.