Virtual keyboards are perhaps one of the strangest and often underestimated kind of software on mobile devices today. On the one hand, it’s easy to take them for granted because they’re just on-screen keyboards. On the other hand, anything that you type, including sensitive information like passwords and credit card details, passes through them. With that much power, keyboard developers need to exercise great responsibility as well. Unfortunately, a “popular” keyboard by the name of Ai.Type didn’t think so, leaking more than 31 million users’ data simply because it didn’t protect its own database with a password.
As its name implies, Ai.Type is a keyboard that promises to leverage the latest buzzwords to improve the user experience. It boasts of having over 40 million users globally, both on Android and iOS, a fact that is ironically confirmed by this massive leak. Unfortunately for the Android users among that 40 million, almost all of their personal information has been uploaded to Ai.Type’s database and, consequently, potentially pilfered by a hacker.
It’s not unusual for third-party keyboards to request access to different parts of the operating system. Android and iOS both warn users of the risk of using such keyboards. But Ai.Type seems to have gone the extra mile and requires permissions for anything and everything available on your Android device. Given how many installs its Play Store page says it has, that many users agreed to such a thing.
So, on the one hand, you have a developer that didn’t even take the most basic precautions to ensure the security of its own database. On the other hand, you also have a developer that has collected far more user data than it needs and in a way that violated its own policies. It’s a lose-lose situation for users, and the Tel Aviv-based company has unsurprisingly gone silent.