GO Keyboard reportedly violates Google Play privacy policies

By JC Torres/Sept. 22, 2017 4:43 am EST

Privacy has unfortunately become almost a commodity these days. It is something that users mostly take for granted, especially in exchange for convenience, and something companies use to barter with each other. Despite that somewhat lax attitude, however, there are times when too much is really too much. As seems to be the case with GO Keyboard, a popular third-party Android keyboard that is reportedly going way above acceptable behavior and even outright violates Google Play rules.

The violation is being reported by security software maker AdGuard, so take it with a grain of salt. According to AdGuard's stats, GO Keyboard, is a highly popular third-party keyboard that has been downloaded more than 200 million times. The developers behind it, China-based GOMO, has also made a few notable Android apps, including the GO Launcher and GO SMS app. The GO Keyboard's privacy violations, however, are particularly egregious because of the special standing Android keyboards have.

You use keyboards to, of course, enter text and numbers, which can also include sensitive information like passwords, PINs, social security numbers, and the like. That is why special attention is given to the ensure they don't go beyond even the now accepted practice of sending some information to its servers or even to third parties. There was already a lot of noise made when TouchPal, used by Lenovo and HTC, "mistakenly" added ads to the keyboard. GO Keyboard, apparently, is doing worse.

According to network traffic observed by AdGuard, the GO Keyboard secretly sends back to its servers the user's Google account email alongside other regular pieces of data, like Android version and build, something prohibited by Google's policies without user consent. Furthermore, it downloads and runs code from its servers just after the user installs the keyboard, again in violation of said policies. These pieces of code, identified as plugins, are marked by anti-malware apps as adware.

Google has been contacted about the violations but, as of this writing, the app still remains available on Google Play Store. Of course, Google will have to do its own investigation first before bringing down judgment on GO Keyboard. Whether or not it's actually guilty of such offenses should still serve as a warning that not all poplar apps are safe apps.

SOURCE: AdGuard