Although I have two Android phones, I occasionally get flack because I don't use them as phones, nor for email, nor anything I prefer to keep private, and here's a great example of why:
Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server.
The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world.
But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data.
The database appears to only contain records on the app's Android users.
Additional coverage on ZDNet and RT
(Score: 5, Insightful) by ledow on Friday December 08 2017, @10:30AM (14 children)
"Although I have two Android phones, I occasionally get flack because I don't use them as phones, nor for email, nor anything I prefer to keep private, and here's a great example of why:"
Has nothing to do with Android.
If you grant a random app permission to see everything you type, then that's your fault.
Sure, if the Samsung default keyboard were doing this, that's a really big deal.
But if someone said "Just install this software on your PC and it will read all your keystrokes and store them in the cloud", and you install it, who's at fault there?
People don't interpret permissions properly even when it's quite clear what the app is doing. A virtual keyboard app shouldn't be going on the Internet. If it does, then there's ALWAYS the risk that your keystrokes are going on the Internet. If you can't understand that, can't trust that, or can't have that happen, then don't install apps that have that permission as your "virtual keyboard". If this means you can't have the same apps as the cool kids, so be it.
(Score: 1, Informative) by Anonymous Coward on Friday December 08 2017, @10:37AM (13 children)
Keystrokes were not among the data stored on that server. Instead, all data stored there had absolutely zero relation to the actual functionality of the app:
(Score: 2, Interesting) by Anonymous Coward on Friday December 08 2017, @10:41AM (4 children)
Soylent News feature request: If the number of opening and closing tags in a comment does not agree, display a prominent warning near the submit button.
(Score: 2) by FatPhil on Friday December 08 2017, @12:52PM (3 children)
Clue: There's a "Preview" button for a reason. There's also "Post as Extrans" which make the question of tags irrelevant.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday December 08 2017, @01:45PM
If you are easily pissed of by a simple warning, I'd say you've got serious issues.
(Score: 0) by Anonymous Coward on Friday December 08 2017, @02:18PM
Perhaps make such warning optional for logged in users then. ;)
(Score: 2) by chromas on Friday December 08 2017, @03:12PM
Teach users not to tag-rape. If you're not gonna balance your <p>s, stick a slash in 'em.
(Score: 2) by FatPhil on Friday December 08 2017, @12:57PM (1 child)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday December 08 2017, @02:23PM
Seems like an interesting guy. I find it however somewhat suspicious that the inventor of evercookie requires you allow cookies on his web page or get no access... :)
(Score: 2) by ledow on Friday December 08 2017, @01:59PM
Principle still applies.
If it has permission to go on the Internet, and permission to gather that info in the first place (I'm not aware of a phone that wouldn't let you gather most of that information automatically, the only question mark would be the Google account but how many people just signed into the Google account for some "feature" of the virtual keyboard - I very much doubt they scraped Google usernames AND passwords as an ordinary non-root app!), then the logical conclusion is that the app can gather that data and upload it to... anywhere.
It's like giving a random stranger your house number and a set of keys and then being surprised that someone got into your house.
(Score: 2) by hendrikboom on Friday December 08 2017, @02:48PM (4 children)
I can see a user having more than one email address and more than one profile photo. But one user having more than one data of birth? or more than one gender?
Or is there something about modern reproduction and sexuality I don't understand?
(Score: 4, Funny) by chromas on Friday December 08 2017, @03:09PM (1 child)
You fuckin' racist! For your information, I happen to identify as a trigender transbirthdayist!
(Score: 0) by Anonymous Coward on Friday December 08 2017, @08:17PM
hey i may do that, it can get me a lot of gifts at parties and also triple my chances for a date!
(Score: 0) by Anonymous Coward on Friday December 08 2017, @03:44PM
Hermaphrodites?
(Score: 2) by RamiK on Saturday December 09 2017, @01:20AM
I knew a girl with one date of birth on her driver's license / passport and another in her birth certificate. My recollection of the circumstances is a bit fuzzy but it had something to do with time zones and getting born in a hospital across state/international border... It was a strange story but she got her collateral clearance through fast enough so apparently it wasn't unusual enough to raise any flags.
Btw, don't ask people's age in years. Beside being rude, you'd sometimes get off by one answers: https://en.wikipedia.org/wiki/East_Asian_age_reckoning [wikipedia.org]
compiling...