More than 31 million users have had personal information leaked by AI.type, a popular virtual keyboard app that’s been downloaded more than 40 million times for Android.
Though AI.type is available for both Android and Apple’s iOS operating systems, only Android users appear to be affected by the leak. Kromtech Security Center researchers say that AI.type “accidentally exposed their entire 577GB Mongo-hosted database to anyone with an internet connection.”
That database included phone numbers, full names, device name and model, SMS numbers, unique IMEI numbers for each device, email address, links to social media profiles, and precise location details. Furthermore, data was also taken from users’ contact lists, so phone numbers and email addresses of people who weren’t even using the app could have been compromised.
ZDNet verified the leak by obtaining a portion of the database seen by Kromtech, while noting that AI.type’s server wasn’t protected with a password. The free version of the app also collects more data than the paid version of the app, so those using the free app would potentially have more personal information exposed. AI.type’s developer acknowledged the leak, and the data has since been secured.
Keyboard Apps: Worth It?
Virtual keyboard apps generally ask for full access to your phone’s keyboard. Like many of these apps, AI.type is given read access to everything you type, in addition to text messages and photo/video access.
But AI.type’s database was not encrypted, and ZDNet also claims that “text entered on the keyboard does get recorded and stored by the company, though to what extent remains unclear.”
While many readers may use a virtual keyboard app, it’s time to take a closer look at whether it’s really necessary to do so, if you haven’t already. As Kromtech head Bob Diachenko wrote, “It raises the question once again if it is really worth it for consumers to submit their data in exchange for free or discounted products or services that gain full access to their devices.”