Could your smartphone be leaking your data?


Date: 3 September 2018

Could your smartphone be leaking your data?Given revelations in recent years, it's no surprise that smartphone users have become increasingly conscious of risks to their data privacy.

Many have switched the apps they use. However, even by using end-to-end encrypted apps like WhatsApp or Telegram, it is still possible for data snoopers and harvesters to gain access to private data via an unlikely source.

By connecting with the cloud, some third-party mobile keyboard apps used for streamlining and personalising typing can access and use data from your device - anything you type, including credit card details and passwords. This data can be leaked whenever the app syncs with the cloud.

Whoops - what a giveaway

Notable data leaks in recent years caused by third-party keyboard apps include the case of GO Keyboard, a widely-used custom Android keyboard. When being investigated for intrusive ads in 2017, the app was found to be collecting extensive user data, such as Google account information and even the user's location.

GO Keyboard was also found to be running external code, and was connected to dozens of third-party trackers and ad networks, meaning that up to 1 billion users may have been affected.

The personal data of more than 31 million users of the AI.type virtual keyboard app leaked online in 2017 after the company failed to secure the database's server. Names, phone numbers, location data and Google searches were all revealed.

Even Google's own Gboard keyboard extension gives the company another avenue to harvest users' search queries, regardless of whether it is used in conjunction with end-to-end encryption apps.

Next-Service Prediction - the next level

Despite such problems, third-party keyboard apps have grown in popularity, due to the improved usability, new features, innovative design themes and smart text prediction.

However using these apps does open users up to potential data breaches. This is particularly the case given the latest innovation: Next-Service Prediction (NSP).

Based on what is being typed, NSP suggests restaurants, bars, shops or brands. It allows users to instantly access information from the web, and use different apps within a single chat. Offering to “grab a coffee” with a friend could bring up coffee shop suggestions. Offering to meet a team member tomorrow could trigger your calendar.

NSP algorithms are designed to comprehensively learn and predict user behaviour - so particular care must be taken to ensure data privacy.

Loss of consumer trust

Many institutions are growing sceptical about the security of encrypted apps such as Telegram and WhatsApp. This year, the French Government announced its intention to move to using its own encrypted messaging service.

This is almost certainly just the start of a new trend. Governments and large corporates may well turn to their own messaging services to avoid the possibility of ‘data leaks' - intentional or otherwise.

In light of growing data privacy concerns among governments, security agencies and regular smartphone users, brands must now take steps to renew trust.

The days of ticking the T&Cs without reading them are disappearing, and if brands want to survive and compete, they need to respect the privacy of their customers and ensure their data is kept private.

How to protect private data

In the meantime, as a user, take a closer look at the messaging and emailing apps you're using. The first thing to check is whether they have the right layers of end-to-end encryption. One good alternative to WhatsApp and Telegram is Signal, which has strong encryption credentials to ensure the privacy of your conversations.

You should also make sure you review the free services offered by any app and understand what data you're giving away in return for the service. For instance, using Google as your search engine exposes your personal data and behaviours, but alternatives, such as Qwant, respect your privacy.

You need to do your research and keep on top of the latest changes, so you only use apps that will keep your data secure.

Sponsored post. Copyright © 2018 Olivier Plante, CEO of Fleksy

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.