Security Android Privacy

Security Researchers Warn that Third-Party GO Keyboard App is Spying on Millions of Android Users (betanews.com) 65

An anonymous reader shares a report: Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code." Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information. Adguard notes that there are two versions of the keyboard in Google Play which it claims have more than 200 million users in total.

  • ON a digital product like a phone, I'm at a loss to know why someone would need another keyboard?

    What does the default keyboard not offer?

    • by fisted ( 2295862 ) on Thursday September 21, 2017 @04:38PM (#55240577)

      I need a different keyboard because the default keyboard doesn't have a ton of standard keys.

    • by gnick ( 1211984 )

      ON a digital product like a phone, I'm at a loss to know why someone would need another keyboard?

      I found a "Key Features" blurb for GO Keyboard:

      GO Keyboard (Emoji Free) enables to quickly type a text on the Android device. Integrated with an accurate auto-correction and a next-word prediction, the number of mistakes on each typed phrase is greatly reduced. The Swipe typing Mode is enhanced for this version. This application gathers about 800 free Emoji, emoticons and text face display that can be used directly via the keyboard. Apart from that, it also offers no less than 140 personalized themes that are constantly updated. Thanks to this app, the user can be sure to have all his sensitive private data entirely secure. Indeed, GO Keyboard (Emoji Free) is designed to block collecting private information such as password or credit cards. This is making the app quite interesting compared to other keyboard apps of its genre. More than 60 languages are supported by this application. This is essential if the user has to type other language than English. GO Keyboard (Emoji Free) can support English, French and German and still many others.

      It sounds like it offers very little.

    • by AuMatar ( 183847 ) on Thursday September 21, 2017 @05:03PM (#55240767)

      Swyping functionality used to be a big one.

      Language support that the default phone doesn't include.

      Handwriting mode, if you're into that.

      Better autocorrect libraries

      Alternative layouts, if you like dvorak

      New features, such as syncing personal word lists to the cloud.

      That's what comes off the top of my head, if I thought about it I could come up with dozens more.

      (Bias note: I worked at Swype, the first popular 3rd party keyboard).

    • Re: (Score:3, Informative)

      by R4D4R ( 3548635 )
      I use Hacker keyboard for Tab (autocomplete) in BASH, plus the arrow keys, plus Ctrl/Alt.
    • Personal preferences or needs. Some keyboards are better at handling multiple languages. Some are better at gesture-typing. Some are better with predictions. Some are better for one-handed use. Some people like to apply themes and colors to their keyboard. And sometimes the stock keyboards just stink. Personally, I use GBoard because I'm accustomed to the layout and the way it does gesture-typing, but I've also liked using Swype.
      • There was a decent keyboard app, but forgot the name, which was great for UNIX stuff, and offered a bunch of customizations, be it arrow keys, key size, color, and a lot of other options. I think it was Swiftkey, but not sure.

        Of course, the nice thing about Android and a rooted device... the keyboard could be firewalled, just in case it decided to try to phone home.

    • by tlhIngan ( 30335 )

      ON a digital product like a phone, I'm at a loss to know why someone would need another keyboard?

      What does the default keyboard not offer?

      The standard Android keyboard is terrible. I don't know what it is, but for some reason, typing on my Nexus 6p is full of errors, yet if I use my iPhone 4s, it works fine (and well, despite the screen being almost half the size).

      The only good thing I can say about the Android keyboard is it pops up the number bar when I enter passwords so I don't have to switch to the sy

    • by hey! ( 33014 )

      If you spend a lot of time entering text on your phone minor conveniences would add up over the course of a day.

      It wouldn't make a difference for someone like me, since I at most spend a couple of minutes a day on my phone keyboard. On the other hand for most people the old buckling spring Model M keyboard I use when I'm coding is just a weird, ugly, noisy old dinosaur (kind of like me I guess). They wouldn't see the point, until they spend all day typing on the thing.

    • What does the default keyboard not offer?

      You own an iPhone and can't change the keyboard don't you?

      • You own an iPhone and can't change the keyboard don't you?

        Why would I need to?

        • Don't know. All software runs on Windows and Android, why would you "need" Apple or Linux?

          The point was, people who are locked into a keyboard don't understand that alternatives exist with widely different feature sets. E.g. the keyboard I installed intelligently flips between multiple languages for the spell checker. I also used to use a Swipe keyboard which was much easier to write with than the stock Samsung or Google one, though Google has closed the feature and quality gap with Swipe.

    • ON a digital product like a phone, I'm at a loss to know why someone would need another keyboard?

      What does the default keyboard not offer?

      I use "Hacker's Keyboard", which offers full QWERTY layout, with optional additional numbers/symbols row, has a Ctrl, Alt, tab and arrow buttons. All at once. That lets me type on my phone like a normal keyboard. No pressing a button to toggle into "number mode" or "symbol mode". When typing mixtures of things, such as complex passwords, or when using proper punctuation, it's way faster than traditional mobile keyboards.

      In short, I don't type things like "i b cn u ok lol", so a richer keyboard experie

    • by stephanruby ( 542433 ) on Thursday September 21, 2017 @06:57PM (#55241291)

      I can't speak for the Go keyboard. I've never used it. Nor am I going to tell you the 3rd party software keyboard that I use, I think people should just try different keyboards until they find one that's right for them.

      But for me, it offers speed and convenience (at the cost of privacy).

      In other words, if privacy is your number one concern, please read no further, custom 3rd party keyboards are not for you.

      My own keyboard knows what I'm going to say before I say it. It has access to my last twenty years of emails, sms/texts, and the little bit of social media content I've generated. It remembers previously used phone numbers, email addresses, and physical addresses. It shares information to the cloud and across devices. If I'm typing a previously used address into Waze or Google Maps on a new phone, it will do a better job of completing that address than either of those two applications will.

      But don't visualize the typical auto-complete search form you might find on google, nor the typical PC auto expander application you might download from a shareware site, my keyboard may know the next words that I'm going to write, since it doesn't need me to type a single letter before suggesting words, but it still offers its suggestions word by word in case I need to deviate from my usual pattern (and offers me alternative suggestions from other patterns I've used). And in that sense, I think it's much less distracting than the auto-complete mechanism used on a google search form (on the google search form, auto-complete is more of an exploratory mechanism).

      My keyboard knows grammar and spelling for my native French which I do not remember perfectly. It can do French accents, without me having to press and hold a key, or without me having to go into an alternate keyboard. It allows me to mix French and English when writing to family members (instead of highlighting all my mistakes in French when enabling the English spell checker, or highlighting all my mistakes in English when enabling the French spell checker). If you're trilingual, it allows you to use or mix up to three European languages at the same time.

      I don't know how it handles non-European languages, but I would assume that there are third-party keyboards that specialize in Asian, Middle-Eastern, and other exotic languages. And if god forbid, if I don't want it to remember a particular porn website I use or the search keywords that I use on that porn site, I just long press on the suggestion to delete it from its database. Also, the keyboard is designed not to save what's entered into password fields.

      And the default Android keyboard is great, in fact, it copied many of the great features 3rd party Android keyboards pioneered, but it is still playing catch up to some of those other 3rd party keyboards.

    • > ON a digital product like a phone, I'm at a loss to know
      > why someone would need another keyboard?

      Graffiti. Laugh if you must, but I've been using Graffiti for more than 20 years (I got my first Palm Pilot in 1997). By now, it's burned into muscle memory... I don't even have to think about it anymore. It's subconscious. Without it, I'm totally handicapped.

      The sad thing, though, is accuracy. A 16MHz Palm III achieved nearly flawless recognition. An 8-core 2GHz+ Nexus 6p still struggles to not fuck up

    • Does your keyboard have Chinese?
      I actually have two google keyboards, not that I trust google, it's just that the standard keyboard doesn't have Chinese and Microsoft bought swiftkey.

      But if you look at the big example of a phone with ONE keyboard, it doesn't offer swipe/slide to type (or at least it didn't for a very long time, I have no idea about how iphones are these days). It also still doesn't have decent autocorrection.

      Different keyboards focus on different things. Better predictive text, better emoji

    • by rtb61 ( 674572 )

      Hmm, let me see, ohh, how about the fucking alphabet, you know the silly shit, ABCDEF instead of fucking QWERTY, why QWERTY because you need it for manual mechanical typewriters https://en.wikipedia.org/wiki/... [wikipedia.org] so the type bars won't jam. Apparently the gender confused don't like the alphabet because it is too traditional and demand the alphabet be altered from ABCDEF to QWERTY, why because they are gender confused and that's enough reason for anything and everything, challenge that and be publicly attacked.

    • Because tiny touch screens don't lend themselves to traditional keyboard layouts unless you have Nosferatu-like fingers.
      That answers the question why you might need another keyboard.
      It doesn't however answer the question why you would use the "Go" keyboard.

  • and developed in the US has been hacked by the Russians or something like that
  • Oh, I forgot: very few people even look at what the app is asking for, just as they click 'accept' to the T&Cs without having read them.

  • by Anonymous Coward

    Every device with a UI (i.e. desktops, phones) needs a firewall that will not let *any* traffic out of the machine unless the user has approved it. Early versions of Zone Alarm on Windows were a perfect example of this done well. When a program tried to connect outwardly you were alerted. Proved vital in catching lots of nasties on less tech-savvy friends' machines before they'd managed to download their full payload etc.

    And it should not be possible to add rules to the firewall programmatically. The user sh

  • Next thing you know RedGuard app discovers AdGuard is sending info back to their own servers.

  • by Trax3001BBS ( 2368736 ) on Thursday September 21, 2017 @05:32PM (#55240921) Homepage Journal

    You're directed here https://adguard.com/en/privacy... [adguard.com] from here https://adguard.com/en/privacy... [adguard.com]; methinks they may be rewriting it.

  • https://play.google.com/store/... [google.com] came with a ROM for the Xoom and I've used it ever since. It allows key combos like ctrl+C/V and doesn't spy on you.

  • You want highly customizable, you get highly insecure. You won't find this kind of security gap with iOS. Apple does not allow keyboard extensions to access the network stack, simple as that. +1 for the walled garden.
    • by AuMatar ( 183847 )

      It all depends on how much you trust the company. My keyboard downloaded local dialect words and location names when it saw I got off a plane. You can't do cool things like that on iOS, because Big Brother knows better (and wants all that data all to itself).

      • by tlhIngan ( 30335 )

        It all depends on how much you trust the company. My keyboard downloaded local dialect words and location names when it saw I got off a plane. You can't do cool things like that on iOS, because Big Brother knows better (and wants all that data all to itself).

        iOS can do that, actually. You just have to enable it. Alternative keyboards by default DO NOT have network access. You have to turn it on manually. And users usually want you to tell them why.

        and in this case, Big Brother knows better because Big Broth

  • On Android you already know Google is spying on you, so why does it matter if another third party gets in on that action?

  • Good reason to disable network for all apps and services you don't explicitly trust.

    • Good reason to disable network for all apps and services you don't explicitly trust.

      When I play a game I'll put it in "Airplane Mode" which blocks all but the built in ADs. When I'm done I'll go into APPS and "force stop" the application before unselecting Airplane Mode. It's extra steps but gives me a feeling of being in control however so slightly.

  • You know, people piss and moan all the fricking time here about Apple and iOS. But this kind of thing never, ever, happens on iOS -- because it can't. Meanwhile, Android leaves ordinary people hugely vulnerable all the time. It would be nice if the many critics of Apple on Slashdot would be willing to admit that security vulnerabilities like this are a significant disadvantage of their preferred platform.
