If you are using the keyboard app developed by Ai.Type, your personal information has probably been leaked, as researchers security discovered that the company it implicitly collects data and stores it in a MongoDB database.
Security company Kromtech estimates that sensitive data belonging to about 31 million users is included in this database, and entries have been found to show that the keyboard application recorded almost every keystroke, whether it was plain text or passwords.
While the app developer says it does not collect information from password fields and that all data is encrypted, ZDNet reveals that the database discovered by Kromtech included everything from full usernames, email addresses, geographic location, device, model, IMEI, and Android versions. Also included is more personal information collected from social media, such as birth dates, gender, profile photos, contacts and passwords.
Η Kromtech it says the database is 577 GB and was exposed to Internet. The database was freely available to anyone with connection on the Internet, and contains at least 31.293.959 files.
There are 6.435.813 entries with information collected from contact lists, including phone numbers and names. The security firm estimates that the keyboard app has saved over 373 million entries in the servers of the company that developed it.
In most cases, third-party keyboard applications require full access to Android data, and Google's operating system warns that this could cause problems.
The Ai.Type keyboard application is also available for the iPhone and also requires full access, but it is currently unclear whether information from users of Apple devices or only those who use Android has leaked information.