It’s never a dull moment when it comes to Android and security scares. The platform, thanks to its popularity with users around the world, attracts as much controversy every month as members of the Kardashian family. The latest such security scare comes from popular keyboard apps bearing the name “Go” on the Google Play Store.
Unless you have been living under a rock for almost a decade or are new to Android then you will recall how big the Go brand is. It’s an institution. For good measure, even though it is not related to the apps that are the subject of this article, Google’s next focus on emerging markets is a dedicated version of Android Oreo called Android Go and some Google apps, like YouTube’s dedicated data-saving variant, bear the Go name too. Use Go Launcher? You’re in the mix, too. I remember us making fun of a friend for his obsession with Go Keyboard, one of the oldest of the “Go” apps. Made by the GOMO developer team from China, Go keyboard and its many offshoots, which include those dedicated to emojis, GIFs and themes, have made a big name for themselves.
I even used to be a big advocate of their clean Next Browser before I saw the light.
Thanks to being around for a while, Go Keyboard has managed to amass hundreds of millions of downloads through the Play Store. That loosely translates to Go Keyboard and its offshoots being installed on hundreds of millions of devices and, probably, an equally large number of users.
Those hundreds of millions of users and their devices are, apparently, not safe.
Researchers from Adguard, which bills itself as “the world’s most advanced ad blocker” caught the Go Keyboard apps dead in their tracks spying on users and sending sensitive user and device data to faraway servers without explicitly telling users thanks to Adguard’s traffic monitoring tool.
In fact, as noted by the Adguard team, GOMO developers state in the Go Keyboard app description that, “We will never collect your personal info including credit card information. In fact, we cares for privacy of what you type and who you type! (sic)”.
Well, if Adguard’s findings are anything to go by, they’ve never care even one bit about the privacy of their users or even respected it.
“Without explicit user consent, the GO keyboard reports to its servers your Google account email in addition to language, IMSI, location, network type, screen size, Android version and build, device model, etc.,” notes the Adguard team in its findings released two days ago.
As if that is not enough, Go Keyboard goes ahead and download and executes code, some of which includes plugins identified as adware, immediately after download. Completely without the user’s knowledge.
While an intrusion by any application is not to be tolerated, it is particularly scary when the application in question is one tasked with user input. Keyboards are sensitive apps since they have access to every single thing you ever key into your device. All your emails, all your passwords and PINs, all your naughty texts, etc. There’s no bigger violation than this. It’s akin to someone discreetly placing a CCTV camera or some listening devices in your house and monitoring your activities without your knowledge and permission.
Uninstall Go Keyboard. Right now! There are better keyboard apps you can use. Not because they are the best with regards to total user privacy and peace of mind (hint: they are not) but because so far so good. For now, they are the lesser evil. Or so it seems.