Posted on September 29, 2017 at 5:30 PM
The Go Keyboard app has been exposed to be malicious by AdGuard security researchers.
Android users have become used to practicing caution online. After a slew on endless invasions on their devices and personal privacy, most Android users often do not even know which apps to trust. At this point, the rule of thumb for Android users is to never trust a device for storing information securely, as supposedly harmless apps can be infected with malware to infiltrate your most sensitive data.
Because of the severe vulnerability in Android devices, many security firms and experts have turned their focus towards monitoring Android apps full-time for any suspicious activity.
In such an investigation, security researchers from AdGuard recently concluded that the popular app Go Keyboard, created by Chinese developers, GOMO cannot be trusted. Since their findings, they have made an effort to alert Android stores and warn Android users.
According to security researchers, there are two versions available of Go Keyboard on the Google Play Store. These include the “GO Keyboard – Emoji keyboard, Swipe input, GIFs” and “GO Keyboard – Emoticon keyboard, Free Theme, Gif.” According to researchers, both available versions send a user’s private information to remote servers and then execute unauthorized code on the device. Both versions are popular with between 100k – 500k downloads respectively as well as high ratings of 4.4 or 4.5 stars.
AdGuard researchers noticed the app after they realized that the keyboard apps were conducting suspicious surveillance techniques. The GOMO developing team were suspected of collecting private data such as the user’s email address linked to the Google Play Store, Android version, screen size, network type, and smartphone make/model number.
However, the apps were doing more than merely collecting data, they were also communicating the data to remote servers to store the data, and inputting unauthorized code into the device software. The code included dex files or native coding which came via a remote server.
Apart from being highly invasive, this act is also a direct violation of the Developer’s Policy Centre’s Malicious Behaviour section. These acts also go directly against the developer’s own oath to its users which promises never to collect or store any information.
This app has proven that it has no regard for its users’ privacy or the Developer’s Policy. The apps start sharing its user’s data directly after its installation. It communicates the data using dozens of tracking servers.
Some anti-virus software has been able to pick up on the malicious activity conducted by these apps. Even to the naked eye of a user, the danger should be clear. The app is able to access your keyboard, meaning it can read and detect all the sensitive information that you type, such as passwords, usernames, financial information, phone numbers, text messages, social media logins, etc. This information can be easily exploited in the wrong hands.
The app also asks for pretty extensive permissions, considering it’s just a keyboard app. Some permissions included permission to retrieve running apps, read sensitive log data, find accounts on the device, read contacts, read call logs, record audio, display unauthorized windows, read terms added to the dictionary, etc.
AdGuard researchers condemned this app as unacceptable and dangerous. They cautioned users not to blindly trust and download apps, despite the many downloads, and despite the high ratings. AdGuard has informed the Google Play Store, they are yet to release an official statement, and according to Andrey Meskhov from AdGuard, they are yet to respond to their findings.