- Jan 24, 2011
- 9,378
Google removed one of its Top 20 most popular Android apps from the Play Store after an investigation from Pentest, a UK-based cyber-security firm who discovered that the app violated Google's policies by showing a deceptive behavior.
Pentest's engineers found that the app requested more permissions than its native behavior needed, asked for admin privileges in order to make uninstallation more difficult, hijacked the user's screen to show ads, and collected and transferred user information to a third-party without the user's permission.
App had more than 50 million downloads
The app's name is Flash Keyboard, and before the Pentest report, it was ranked #11 in Google's most popular Android apps, with over 50 million downloads. As its name hints, the app is a replacement for Android's stock keyboard, developed by DotC United.
Pentest found it exaggerated that the app would require access to a phone's Bluetooth connection, geo-location feature, or WiFi status.
Additionally, the app would ask for access to kill background processes, read SMS messages, show system overlays, or remove download notifications. Pentest says there are no reasons for a keyboard app to require these intrusive permissions.
Further, Pentest detected that Flash keyboard was asking for device admin permissions, and was using these powers to take over the phone's lock screen and show ads.
Read more: Android Keyboard App with over 50 Million Installs Secretly Collects Your Data
Pentest's engineers found that the app requested more permissions than its native behavior needed, asked for admin privileges in order to make uninstallation more difficult, hijacked the user's screen to show ads, and collected and transferred user information to a third-party without the user's permission.
App had more than 50 million downloads
The app's name is Flash Keyboard, and before the Pentest report, it was ranked #11 in Google's most popular Android apps, with over 50 million downloads. As its name hints, the app is a replacement for Android's stock keyboard, developed by DotC United.
Pentest found it exaggerated that the app would require access to a phone's Bluetooth connection, geo-location feature, or WiFi status.
Additionally, the app would ask for access to kill background processes, read SMS messages, show system overlays, or remove download notifications. Pentest says there are no reasons for a keyboard app to require these intrusive permissions.
Further, Pentest detected that Flash keyboard was asking for device admin permissions, and was using these powers to take over the phone's lock screen and show ads.
Read more: Android Keyboard App with over 50 Million Installs Secretly Collects Your Data
