Security researchers warn that GO Keyboard is spying on millions of Android users

Discussion in 'Press Releases/Announcements' started by RickAgresta, Sep 25, 2017.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Messages:
    18,938
    Likes Received:
    10,930
    Trophy Points:
    288
    Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as “using a prohibited technique to download dangerous executable code.”

    Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information.

    Adguard notes that there are two versions of the keyboard in Google Play which it claims have more than 200 million users in total. GO Keyboard – Emoji keyboard, Swipe input, GIFs has a user rating of 4.5 stars; the very similarly-named GO Keyboard – Emoticon keyboard, Free Theme, GIF has a rating of 4.4 stars. Both versions of the app are still being updated.

    Within the app description, the developers say:

    PRIVACY and security
    We will never collect your personal info including credit card information. In fact, we cares for privacy of what you type and who you type! [sic]

    But Adguard points out that this is contradicted by the company’s privacy policy. In addition to this, GO Keyboard shares personal information right after installation, communicates with dozens of tracking servers, and has access to sensitive data on phone. Adguard concedes that this is fairly typical for modern apps, but goes on to say that the app violates Google Play policies.

    In the Malicious Behavior section of the Developer Policy Center, Google says that “apps that steal a user’s authentication information (such as usernames or passwords) or that mimic other apps or websites to trick users into disclosing personal or authentication information” are not permitted.

    This is activity, Adguard says, that GO Android engages in:

    Without explicit user consent, the GO keyboard reports to its servers your Google account email in addition to language, IMSI, location, network type, screen size, Android version and build, device model, etc.

    Link to story:
    https://betanews.com/2017/09/21/go-keyboard-spying-warning/
     
  2. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    13,331
    Likes Received:
    1,851
    Trophy Points:
    113
    I yearn more and more for the days of non cloud connected devices. I remember proclaiming that I would never use Android, and for sure, never, ever use an iThing. Now you simply don't have a choice.

    I'd love to root, and claim that my device is clean, but in all honesty, how do we know the authors of those modified ROMs aren't doing the exact same thing.

    I sure don't go out and try new software anymore. I've hand selected software I want, and my days of browsing the app store is long since gone. Oh such irony... I browsed the Palm store so eagerly, trying new software without thought. The selection was in the 10s of thousands at best. Now, we've got them by the million. And I'm not at all interested. Every single app is out to try to deceive and steal. What a crappy nightmare...

    I guess the only point of rooting for me now, would be to throw a firewall on there, to block my apps from connecting to the internet. Not from blocking the internet trying to get to my phone... but blocking the leaks of data from my phone. When you can't even trust your own device...

    That's what it has come down to, and neither ecosystem is safe. We've been sold, each and every one of us... :(
     
  3. Hook

    Hook Phone Killer ;-) Arrrrr...f

    Messages:
    18,500
    Likes Received:
    7,184
    Trophy Points:
    288
    I think the ROM picture is not as grim as you paint it, though it depends on what device you have. The ROM I use is produced by a small group of devs who are in the US, accessible and I have had conversations with several of them. They are producing the ROM to use on their own phones and sharing them for free with anyone who has the same phone (no versions for devices they don't own). They do it for the love of what they are doing. No money involved. I used a ROM on my tablet produced by a young student in Germany. Again, very accessible and I communicated with him several times. Could he throw malware in there? Sure. But I don't think so and, honestly, it would probably have been found out. Almost all the ROM devs I have considered make all of their source code available. Do I look at the source? No. But there are sure people on XDA that do.

    Nothing is risk-free, but I think, with a little research and communication with devs, the ROM scene is pretty good (for those devices that have an active ROM scene). Having a device free of a lot of Google's phone-home bloat is one of my favorite reasons for having an alternative ROM.
     
  4. headcronie

    headcronie Greyscale. Nuff Said. Super Moderator

    Messages:
    13,331
    Likes Received:
    1,851
    Trophy Points:
    113
    I'd love to believe that Hook, but I just can't. I'm sure that there are those developers who do it for the love of what they are doing. I bet if you talked to the developers of GO Keyboard, they'd give you a similar shtick.

    My trust is broken. It erodes more by the day.

    Technology used to be fun. Now it is a hassle. Now it is a constant fight to control your own data, one you increasingly have no control over.

    GO Keyboard, Equifax, unrelenting tracking across the internet, AccuWeather iOS app tracking users without consent. The list goes on, and on, and on...
     
  5. Hook

    Hook Phone Killer ;-) Arrrrr...f

    Messages:
    18,500
    Likes Received:
    7,184
    Trophy Points:
    288
    Well, they would have to translate their answers to me from Chinese and the bad grammar and spelling would probably make me suspicious. :vbwink:

    I understand what you are saying, but to be honest, I trust some of the ROM developers more than I trust Google or the carriers. Apps, not so much. I keep my apps to a minimum and, whenever possible, to known and reputable developers (CESD, Softmaker, etc). And although I have a Chinese developed phone, I try to stay away from Chinese apps (GO Keyboard), social media apps and apps that are free because they have ads. At best, I can reduce risk, but I can't eliminate it unless I'm willling to go back to my TX and, so far, I'm not.

    In general, I have never trusted the world wide web (I did kind of trust the command line internet before that :vbrolleyes:) Equifax is especially maddening because I never gave them my data. They were allowed to take it. Same with my Bank. It doesn't matter whether I sign up for on-line banking or not, the fact that I can access my bank data on-line means that it is already out there.
     
  6. Mi An

    Mi An Nexus Refugee

    Messages:
    5,155
    Likes Received:
    3,994
    Trophy Points:
    288
    And if you want equifax to stop dishing info out to all comers (credit freeze), you have to pay them. It's like a protection racket but with less protection.

    The ROM market is kind of like picking a restaurant overseas in an area where food hygiene is questionable. You go where the locals go and cross your fingers that some of them know what they're doing. Higher food turnover combined with people tending to avoid the places that make them sick give you some protection (the same as hoping that various devs and experienced users are policing each other consistently), but uncertainty lingers.

    I'd still ROM if I needed it to get kcal color control for example, or titanium backup, but I'm still engaging in similar risks by rooting and installing a custom kernel (and have no intention of ceasing to do so unless I get enough freedom to control my handset without it). Chainfire's rooting method is now in the hands of an unknown company. I know even less about options like magisk. And frankly, we can only make assumptions about Google. Given their flirtations with black box AI, even Google might not fully know what they do with our data. Or care.

    Wish press would stop saying "we're the product" (as opposed to the consumer) though. Most companies have an incentive to take care of their products, keep them in tip-top shape so they can be sold at full price. There appears to be no such incentive for anyone in the info selling business. Ransomware delivered via malvertising? Not their problem. ID theft? Oh well. Most products are much safer than we are. We're more like pigs. Pigs aren't the product, they just produce the product and having done so, become irrelevant.
     
  7. z22 2006 User

    z22 2006 User BHOT's Own Fluffy

    Messages:
    1,581
    Likes Received:
    219
    Trophy Points:
    238
    It's not just you; i have picture backup access through Amazon Prime and 10 gigs of space through google. I still backup data onto a fistful of thumb drives instead of the Cloud.
     
    Hook, RickAgresta, jigwashere and 2 others like this.
  8. Tom LaPrise

    Tom LaPrise Absent-Minded Professor

    Messages:
    2,616
    Likes Received:
    279
    Trophy Points:
    258
    I used GO Launcher and GO SMS on my first Android phone until rumors of privacy violations started. I don't trust anything from GO (or Cheetah Mobile, another known information swiper) now.

    Last night, I got an email from Google saying I wasn't using the official Google Calendar app and suggesting I switch. (I use Business Calendar because I like its view options and customization.) I consider that a privacy violation too--what in my phone told Google that I was using a different calendar app? Maybe Google can take a look at what I am using and give their calendar the same features so I'll use it, but that email makes me less likely to do so, not more.
     
    RickAgresta, lelisa13p, Hook and 3 others like this.
  9. scjjtt

    scjjtt A Former Palm User

    Messages:
    2,002
    Likes Received:
    3,175
    Trophy Points:
    288
    Tom, I got the same email. I use Calengoo for the viewing reasons, as you have stated & because Calengoo has always allowed me to sync my tasks with the Google online calendar where their own Android calendar app before could not.

    I switch from Microsoft to Google years ago because of many reasons but one of them was privacy - feeling that they were less intrusive, (don't get me started about Apple's iTunes program/app for Windows - I can't even get it off my desktop computer). But now, and reading this thread, I am deeply concern about where Google is going with all of this.

    Identity theft is huge in AZ. People get paranoid over it. About 10 years ago our state's attorney was running commercials warning of us to be safe in how & who we give and use our private info. I couldn't believe the criticism that he received when it was revealed that if he was truly concern about our privacy that he should do something about the copies of ALL our signed documents of our home purchases available for everyone to read on the World Wide Web. I was amazed when I searched our address to discover that everything my wife & I signed, every page with our initials, date of birth, social security numbers, address, phone numbers and even what we paid for the home was public information!

    Our privacy has been compromised for years and it is only getting worse. I have been putting off getting & paying for some type of identity protection - maybe it is time to stop putting it off.

    Sent from my LG G4 using Tapatalk
     
  10. Hook

    Hook Phone Killer ;-) Arrrrr...f

    Messages:
    18,500
    Likes Received:
    7,184
    Trophy Points:
    288
    Forgive me if you have already tried this, but this article has the method I used to eradicate iTunes from my Windows 10 installation and it worked for me. The trick is, you have to individually uninstall about 6 programs, not just iTunes.

    http://www.wikihow.com/Uninstall-iTunes

    As for the being pushed into someone's cloud, I feel the same way. That's originally why I left MS Office and why I ultimately moved to Linux. I realize the latter isn't practical for everyone, but I am so happy now.
     
    scjjtt, RickAgresta and lelisa13p like this.
Loading...
Similar Threads - Security researchers warn
  1. jigwashere
    Replies:
    18
    Views:
    1,012

Share This Page