If you use or have already downloaded the AI.type keyboard, be careful: your personal data may have been exposed due to a leak of the application database, which was stored on a server with no password (!).
The virtual keyboard has been downloaded more than 40 million times for playing games like GameKiller, and it is estimated that the data of 31 million users have been exposed. It offers custom themes, multi-language support, swipe, calculator and emoji suggestion.
Despite having Android and iOS versions, only information from Android users has been exposed. There are more than 577 GB of data, which include at least the following information:
- full name
- email address
- location, including city and country
- how many days ago the application was installed
- screen resolution
- messages sent per day, per session, and age of users
The privacy policy of the free AI.type, which collects more data than the paid version, further states that the application is allowed to store the IP address along with its location obtained by the network, contact list, text messages, IMEI, list of installed applications and other “behavioral data”.
The ZDNet had access to part of the database and confirmed the registration of such sensitive information in some cases. The site also found that other information was also exposed, such as the phone number, carrier name, and internet provider on Wi-Fi. Some records also show detailed information about Google’s public profile such as date of birth, gender, and photos of a profile.
It is very worrying that the data stored by a keyboard is exposed because, well, it knows everything you type. Although the AI.type shows on its website that any typed characters are encrypted, ZDNet has discovered a table with 8.6 million text-typed records, including phone numbers, search terms, email addresses and their corresponding passwords (!!).
The case is an alert for the use of third-party keyboards on Android, which have access to absolutely everything you type. On the iPhone, I keep using SwiftKey, purchased by Microsoft, but the standard Apple keyboard always appears when it is necessary to enter a password. Now, I see that is a necessary measure.