Security researchers from Adguard has accused the GOMO Dev team, Chinese developers of the popular keyboard app GO Keyboard, of violating user privacy by collecting sensitive information like email addresses, location, network information, display size, Android version, build number and device model. The app was also executing codes remotely without the user’s consent.
Adguard decided to look into GO Keyboard traffic consumption after another popular keyboard app, Touchpal Keyboard started displaying ads on HTC phones. Adguard accused the developers of violating the Google Play content policies – malicious behavior section.
Apps that steal a user’s authentication information (such as usernames or passwords) or that mimic other apps or websites to trick users into disclosing personal or authentication information.
Adguard has already submitted their findings to Google and is awaiting response. This could result in the removal of the apps from the Dev team in the PlayStore.
We find this kind of behavior very troublesome and can pose serious security breach as we use keyboard apps to input personal informations like bank account numbers and passwords.
Source: Adguard Blog