According to a statement from representatives of AdGuard, a company that develops ad-blocking technology, the finding came about during an investigation they had started into the TouchPal app. AdGuard staff downloaded GO Keyboard to produce comparison data, became suspicious of the abnormal web traffic it generated right from the moment it was downloaded, and opened an investigation that led to some interesting results. It turned out that the keyboard app collects a wide range of information, necessary or not, without informing you, from your Android version to your Google account, and from the language you use on your device to the type of network you are on, and that it sends this collected information to dozens of third-party "trackers" and ad networks.
[attachment=1]adguard.jpg[/attachment]
Although they reported the situation to Google (the incident was detected in July), there has still been no official statement or response.
The app is still in use. We recommend that you do not use the app until an official statement is made.
[attachment=0]wp-image-188252126.jpg[/attachment]
The original text of the related news article is below.
GO Keyboard, an insanely popular custom keyboard app for the Android OS, also available on the official Google Play Store, was caught collecting user data and downloading and running code from a third-party server.
The discovery was made by engineers at AdGuard, a provider of ad-blocking technology. AdGuard says it detected suspicious requests while analyzing the app's web traffic following its installation.
The company says it looked into GO Keyboard's behavior after an incident with another custom keyboard, TouchPal, that started showing ads over the typing area this past July.
App collected user data, ran external code
While investigating GO Keyboard for similar intrusive ads, AdGuard says it detected the app collecting a large amount of data from the device right after installation and sending it to a remote server.
"Without explicit user consent, the GO keyboard reports to its servers your Google account email in addition to language, IMSI, location, network type, screen size, Android version and build, device model, etc.," said Andrey Meshkov, AdGuard co-founder.
The app also communicates with dozens of third-party trackers and ad networks, Meshkov found, and also downloads and runs a 14 MB file blob, also shortly after installation.
Both actions — collecting user data without user consent and downloading and executing code from a third-party server (bypassing the app review process) — are forbidden for apps uploaded on the Google Play Store.
Researchers notified Google. No action as of yet.
AdGuard says it informed Google of the app's behavior, but at the time of their investigation publication, the Google team had not answered their report.
There are two versions of the Go Keyboard [1, 2] that exhibit this behavior, Meshkov said. Both of them have an installation count between 100 and 500 million users, meaning the number of affected users ranges from 200 million to 1 billion.
GOMO Apps — the Chinese app development company behind GO Keyboard — did not respond to a request for comment from Bleeping Computer in time for this article's publication.