Skip to content

Removed ai.type keyboard from Google Play tried to scam users $ 18 million

27 mayo, 2021

Ai.type is a keyboard for Android and iOS that has not been without controversy. At the end of 2017, the data of 30 million users was leaked and in June 2019 it was removed from Google Play, although it is still installed on the mobile phones of many users and can be downloaded from other alternative stores. Now he returns to the eye of the hurricane after having discovered that the keyboard was trying to scam users.

This is demonstrated by the report by Secure-D, Upstream’s mobile security platform, in which it comments that ai.type, with more than 10 million users, “has been caught making millions of unauthorized purchases of premium digital contentFurthermore, “the app has been displaying millions of invisible ads and making fake clicks.” The firm estimates all of these transactions could have cost users. $ 18 million in unwanted charges.

How to PROTECT your ANDROID from VIRUSES and MALWARE: Tips and Tricks

Maximum activity after being eliminated

Transactions The weeks after it was removed from the Google Play Store were the busiest.

Google removed ai.type in June 2019 and, according to Upstream information, it was since then that a higher volume of suspicious activity was detected, understanding suspicious activities such as unwanted transactions or premium subscriptions. The report speaks of 14 million transactions in 110,000 unique devices, so we are talking about 127 transactions per device, something unusual in this type of application.

The six best keyboards for Android

Upstream blocked these transactions, but if all of them had been executed the total cost would have amounted to 18 million dollars, $ 163 per single device and just over $ 1 per individual transaction. Interestingly, suspicious activity spiked after its removal from Google Play, which makes sense since the security of depending on which third-party app stores, where the app is still available, may not be the same as that of the Google Play Store. .

According to the CEO of Upstream, “the mobile ad fraud market is worth about $ 40 billion annually”

This type of transaction has been detected in 13 countries, mainly in Egypt and Brazil, although there are also European countries such as Poland, Germany or the United Kingdom. Since mid-August, activity has been decreasing, but as of October 2019, around 30,000 suspicious activities have been registered.

Sms premium SMS confirming the unwanted subscription to a premium service.

The company’s researchers were also able to check on various Android mobiles how they were received SMS confirming subscription to premium product services. In the same way, the application contained several advertising SDKs that loaded advertising in the background and an additional JavaScript code that allowed automatic clicks, two elements that were combined to click on ads automatically and falsify the figures in the face of advertisers.

Obviously, the application requested all kinds of permissions, from reading the user’s contact data and reading and writing in the storage to accessing the accounts and recording audio. It is currently out of Google Play and from the Amazon app store, but it can still be downloaded from the App Store (there is no evidence that this version behaves in the way described above).

Via | The Next Web