Go Keyboard is one of the most popular Android keyboard app on Play Store with a user base of over 200 million. On the21st of September, AdGuard published findings of a research on Go Keyboard. It revealed that the developers of the app had released to the public conflicting report about how the app collects user data.
The app has two versions, and both versions were found to collect user data in a way that could be described as improper. AdGuard discovered that Go Keyboard collected user’s Google email address as well as other sensitive information and uploaded them on its servers. It could also download and execute code relating to this information from remote servers. The app was described by AdGuard as having extensive permission and remote control execution that was capable of introducing serious security and privacy issues. Sensitive information such as healthcare records stored on these servers could be stolen at any time.
When confronted about this dichotomy, the company stated that it wasn’t their intention to collect any “Personally Identifiable Information” (PII), however, the legitimate data collected by the app may sometimes include these PII. The developers revealed that they have rules based on algorithms designed to prevent such unintentional collection of sensitive personal data. Such rules are however not foolproof and would require regular updating.
Sensitive information of users’ health care information can be mined if users are not aware of the need to be more cybersecurity responsible. It is important that Healthcare IT professionals be aware of the risk involved in allowing healthcare information to be hacked into and used for devious purposes by unsuspecting people.