The virtual keyboard app ai.type, which has racked up 40 million downloads, has been found to sign up users to premium services without their consent
The Android version of the popular virtual keyboard app ai.type has attempted to make over 14 million unauthorized transactions that could have cost the users US$18 million in unwanted charges, reads a report from mobile technology firm Upstream.
The attempted purchases came from 110,000 unique devices across 13 countries. Traffic was mainly high in North Africa and South America, with the illicit activity going through the roof in July of this year and continuing for the following two months. This was actually after the app was pulled from the Google Play store in June.
The app, which has been downloaded over 40 million times, promises to personalize your keyboard with different emojis and fonts and includes features like learning your writing style and auto-correcting your typing mistakes. In fact, you may recall that the app also made headlines last year, when it emerged that its developers had left the personal data of more than 31 million users exposed on an unprotected server.
Upstream has now found that ai.type, once downloaded to a smartphone, starts making unauthorized purchase requests for premium digital content. The app has been subscribing users to premium services using software development kits (SDKs) with “obfuscated hard-coded links back to advertising trackers”.
“These SDKs navigate to the ads via a series of redirections and automatically perform clicks to trigger the subscriptions,” said Upstream. All of this takes place in the b ..
Support the originator by clicking the read the rest link below.
