No matter how many security features Google builds into Android, the open-source platform is always susceptible to malware attacks frequently. Every month, reports of Google removing a bunch of malicious apps from the Play Store creep up and despite Google rolling out fixes, some other kind of malicious activity comes out in the open. And once again, such an issue has crept up for Android users and this time, it comes from a rather popular keyboard app, called the ai.type keyboard.
Researchers at mobile technology firm Upstream have discovered a serious issue with the ai.type keyboard app that can rob its innocent users. The app keyboard has been found to subscribe to users to premium third-party services without notifying in the background. Hence, the app has been making unauthorised transactions in the background and duping people of money.
As the Daily Mail states, the researchers at Upstream have found 14 million requests for carrying out suspicious transactions and blocked with their Secure-D platform. And these requests were only made from 110,000 devices that were under the scrutiny. The ai.type keyboard app has been installed on millions of devices and despite Google removing a version a few months ago, it’s still installed on a lot of smartphones.
On top of that, the app is still available for download on various third-party app stores on Android and various websites. The app still poses a risk.
The researchers even found that after Google removed the app from the Play Store back in June 2019, the app started conducting more malicious activities than before, showing a massive spike in requests for malicious transactions.
And apart from the unauthorized transactions, the app has also been giving out generic user data such as clicks on website and purchase details to advertising networks, says the report.
“Innocent users are paying for these hidden, unauthorised purchases and related data consumption whose source is buried in the app,” said Dimitris Maniatis, head of Secure-D at Upstream. “Secure-D experts examined two Android devices with the ai.type app installed,’ wrote another Upstream spokesperson. “They found subscription verification texts to premium digital services on both devices, confirming unwanted subscription sign-ups that occurred without any user intervention.”
If you have the ai.type keyboard installed, it is suggested that you should delete it from your phone immediately and look for signs suggesting unusual activities. Moreover, those who had installed the app should keep an eye on the transaction details for any suspicious payments and block it if possible. Additionally, it is also suggested that an anti-malware app should be installed on your Android device to keep a tab on all the malicious activities from various apps.