Don't miss the latest stories
Popular Android App Has Been Secretly Making Purchases On Users’ Behalf
By Mikelle Leow, 04 Nov 2019
Image via ThomasDeco / Shutterstock.com
If you’re an Android user and have been noticing mysterious dips in your credit card balance, it’s probably time to change your keyboard.
A new report by security platform Secure-D details the discovery of violations made by popular emoji keyboard ai.type, which has been making unauthorized purchases of premium digital services on behalf of users.
The free keyboard app has been downloaded over 10 million times through the Google Play Store and claims to have been installed by 40 million users. While it was removed by Google in June 2019, the millions of users who still have the ai.type on their phones could still be suffering the brunt of its attacks.
Secure-D describes that it stopped 14 million transaction requests spanning over 110,000 devices from going through. If it had not stepped in, users across 13 countries would have collectively lost US$18 million from the unwanted purchases.
Suspicious activity spiked after Google took down the app, and is more prevalent in Egypt and Brazil.
In addition, ai.type has been found to have automated ad views and clicks in the backgrounds of phones, eating into people’s data and creating performance issues in devices like overheating and slowing them down.
Occasionally, ai.type would pretend to be other popular apps, such as Soundcloud, and seek permissions to access unnecessary content like contacts, text messages, photos, videos and on-device storage.
“Android users should immediately check their phones to see if they have any suspicious app installed,” Secure-D warns. “If so, they should uninstall it immediately and review any new mobile airtime charges for possible fraud.”
[via The Next Web, cover image via ThomasDeco / Shutterstock.com]
More related news
Also check out these recent news