GO Keyboard Apps Collect and Send User Data to Remote Servers

Security researchers recently discovered that two popular Android apps under the GO Keyboard label were collecting user data and transmitting it to a remote server. These same apps were also detected executing code from a third-party server without users’ knowledge. Identified as GO Keyboard – Emoji keyboard and GO Keyboard – Emoticon keyboard, they have 2 million to 5 million installations each.

In the app’s Google Play page, the developers state a privacy policy:

GoKey privacy
Figure 1. Policy displayed for GO Keyboard – Emoji keyboard, a similar one appears on the other Go Keyboard app

The apps' actual activity contradicts the statement. According to news reports, they collect sensitive user information and dispatch the data back to servers in China. The information includes Google email addresses, language, IMSI, location, network type, screen size, Android version and build number, and the device model.

The apps also communicate with tracking networks and execute code from a remote server. Google specifically prohibits apps that download executable code (like dex files) from sources other than Google Play, but the researchers showed that both keyboard apps do so. They note that some of the apps’ downloaded plugins have been marked as adware or potentially unwanted apps (PUA) by Trend Micro and other security vendors.

GoKey page
Figure 2. One of the apps has over 4 million installations and a 4.5 rating on Google Play

It is unusual for this type of app—millions installed and rated 4.4 or higher—to be suspicious. But their actions clearly violate the policies outlined in Google’s Developers Policy Center and can be classified as malicious behavior. It only shows that users have to be judicious about the apps they install on their phones and follow best practices for mobile safety. Users also have to be wary of the permissions they grant to apps—the more permissions they have, the more data they can collect. Keyboard apps have access to everything that is typed and can be tweaked to become keyloggers.

[READ: Are your Apps Compromising your Privacy?]

Both apps are still available on Google Play at the time of writing. The researchers notified Google about their findings, but the company has not replied.

To combat mobile threats, it is important to find the right security solution for all your devices. End users can benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ (available on Google Play). And Trend Micro™ Maximum Security includes Mobile Security and proactive protection for up to 5 PC, Mac, Android and iOS mobile devices. Trend Micro’s Mobile App Reputation Service (MARS) already covers Android and iOS threats using leading sandbox and machine learning technology. It can protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerability.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Publié dans Mobile Safety, Android, Adware