Copyright Hé - License GPL

Flash Keyboard on Android, Attention! Massive data collection

Software   2020-06-18 19:47:57

Google has removed the Android Flash Keyboard app from the PlayStore. One of the Top 20 most popular software products, it is the target of an alarming report by Pentest, a company specializing in cybersecurity. " style = " max- height: 400px; max-width: 99%; "> Flash Keyboard, PenTest sounds the alarm bell Engineers of PenTest explain that the Flash Keyboard application is originallyno authorization requests unrelated to what is necessary for its proper functioning. With administrator privileges, the software makes it more difficult to uninstall, hijacks the screen to display advertisements, and collects data to transfer it to a third party without authorization. " style = "max- height: 400px; max-width: 99%; "> Flash Keyboard is ranked 11 th in the list of most popular Android apps. She isIt’s responsible for over 50 million downloads. In appearance, it is intended to replace the native keyboard of the OS Pentest highlights n shady daggerboards let"s quote Access to wireless connections Bluetooth, Wifi and geolocation function Authorization to kill background processes, Authorization to read SMS messages, to delete download notifications. > According to Pentest, all this has no justification. To this is added a request for authorization of administrator rights in order to access the screen lock to impose advertisements and collect data without explicit user agreement. The analysis of data flows from Flash Keyboard shows data collection and sending to remote servers located in the United States, the Netherlands, and China. Some of this data relates to the manufacturer of the device, the model identification, the Android version, email address, SSID, MAC, IMEI data, mobile network type, contact details GPS or information on nearby Bluetooth devices. Flash Keyboar, Malware? Pentest believes that the application does not comply with Google policy for many reasons including the installation without advertising authorization, intentionally hidden updates of the application, sending of personal information without the user"s knowledge and a difficult uninstall process. The publication of this report forced Google to remove Flash Keyboard from the Play Store. Its developer quickly released a second version called Flash Keyboard Lite.