AdGuard security researchers recently exposed the android keyboard free app Go Keybord, available on Google Play Store, as malicious after an investigation underlining how they would collect user’s private information to send it to remote servers and then execute unauthorized code on their device.

The Go Keyboard Android Free App Suspected Of Collecting Data

After a recent investigation, AdGuard security researchers concluded that the well-known Chinese app Go Keyboard cannot be trusted, since they are suspected of collecting users’ data and inputting unauthorized code into their device software. According to researchers, both versions of the app – the “GO Keyboard – Emoji keyboard, Swipe input, GIFs” and the “GO Keyboard – Emoticon keyboard, Free Theme, Gif”, both available on Google Play Store – are source of these violations. New latest versions have been released since.

Many users can be potential victims of this cyber-insecurity as the Go Keyboard Android app, developed by Chinese developers GOMO, is very popular : it counts between 100k – 500k downloads respectively for each version, as well as high ratings of 4.4 and 4.5 stars.

That is why AdGuard has condemned the app as unacceptable and dangerous and made the effort to alert Android stores and warn users. They cautioned the latter not to blindly trust and download apps, in spite of the important download rate and high ratings. As for Google Play Store, they were to release an official statement and respond to their findings, according to Andrey Meskhov from AdGuard.

Chinese GOMO developing Team Under Strict Surveillance

Everything started when AdGuard researchers noticed that both versions of the keybord app were conducting suspicious surveillance techniques. They started to suspect the GOMO developing team of collecting private data, sending it to remote servers and then execute unauthorized code on users devices. The data concerned are:

• the user’s email address linked to the Google Play Store,
• the Android version used,
• the screen size of the device used,
• the network type,
• the smartphone model number.

Once the information collected, GOMO would then communicate it to remote servers in order to store the data, and finally input unauthorized code into the device software. The code included dex files and native coding which came via a remote server.

Not only is the practice super invasive, but it also go directly against the general agreement oath to users, which promises never to collect or store any information. This act is therefore a direct violation of the Google App Store Developer’s Policy Centre’s Malicious Behaviour section. By starting sharing its users data directly after its installation and communicating the information using dozen of tracking servers, the app has proven that it has no regard for its users’ privacy or the Developer’s Policy.

Other Data Could Be Concerned

To go further into the investigation, some anti-virus software have looked into the malicious activities conducted by the app. Knowing that it is able to access your keyboard it potentially can read and detect all the sensitive information that you type, such as:

• passwords,
• usernames,
• financial information,
• phone numbers,
• text messages,
• social media logins,
• and so on.

If in the wrong hands, this information can be easily exploited.

Also, they found that it asks for quite extensive permissions given the nature of the app, including permissions to:

• retrieve running apps,
• read sensitive log data,
• find accounts on the device,
• read contacts,
• read call logs,
• record audio,
• display unauthorized windows,
• read terms added to the dictionary,
• and so on.

Be Careful When You Download And Install Any App From The Google Play Store

This episode reminds us how we constantly need to practice caution online. When we see such invasions on devices and personal privacy, we end up not knowing which app to trust. So, always remember that the ground rule for Android users is to never trust a device for storing information securely, as supposedly harmless apps can be infected with malware to infiltrate your most sensitive data. Even if the severe vulnerability in Android devices push security firms and experts to turn their focus towards monitoring Android apps full-time for any suspicious activity, the risk still exists and no one is totally shielded from cyber-security violations.