In accordance with the recent news a very popular Flash-board disclosed some functions of data collection and transfer to third party servers.
Fkash Keyboard is one of the numerous Android application that has become popular due to its functionality as well as multilingual support and also due to nice design. It was positioned as “extremely adaptive” as well as easy to use in any situation. The total number of downloads as well as installs for this app actually exceeded the ones for WhatsApp; and that’s saying something.
However, it seems that the keyboard was not only useful for its users. As the research by Pentest shows, it actually asked for more permissions than necessary and got access to some private data of its users. For example:
- the app got access to a camera of the device;
- it was also able to replace the lock screen with the ad one;
- it sent alert messages;
- was able to terminate some of the background processes (e.g. antivirus apps);
- it also seems to send the collected data (mostly data about the device model, manufactur, GPS location data as well as IMEI number) to the serves in the US, China and the Netherlands. Pentest believes that these data might have been used for analytics platforms.
Surely, such services are not threatening in their nature; however, the excessive permissions as well as excessive data are one of the things that can always be misused by someone.
It is believed that the app was not developed to be a tracking one intentionally; however, it is rather strange that the Hong Kong-based developer of Flash Kewboard DotC United refused to comment the situation when asked for it by several media resources.
As of late, the application was taken down and is no longer available in Google Play Store; however, a new analogous keyboard developed by the same company is now available for general public. Let’s hope, it does not use the same tricks.