App-keyboard “watched” for Android users.
Pentest, the company announced that the Android Flash Keyboard gathered information about the user downloaded it and sent it to the server in the USA, China and the Netherlands.
Pentest experts noted that the app has been installed over 50 million times. Not counting spy on users, introducing potentially harmful advertising, and asks suspiciously high privileges for normal applications.
In particular, the program requests permission to access the camera device, the alert mail system, locating data, GPS and Wi-Fi, as well as to replace the default lock screen on the display ad, deleting background processes (usually requested anti-virus solutions).
Flash Keyboard collects and sends user information on servers located in the USA, China and the Netherlands. The data include information about the manufacturer and model of the device, IMEI, MAC address, email address of the owner of the device, OS version, GPS coordinates (accurate to 1-3 meters) and details of any proxies used by the gadget.