Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Flash Keyboard – a Potential Malware with 50 Million Installs on the Google Play Store

unnamedFlash keyboard is an alternative Android keyboard that’s sold on the official Google Play store. The app could be considered malware, as the permissions required are used to collect personal information. Flash Keyboard has been installed more than 50 million times, and it’s once again available after Google Play deleted it for a short time.

Specifics of Flash Keyboard

Here’s a short excerpt list of Flash Keyboard’s required permissions. The app has access to:

  • Device and app history – sensitive log data and running apps.
  • Identity – the app can read the accounts and contacts on your device.
  • Location – the precise GPS/ Network location of your device.
  • SMS- the app can read your SMS texts.
  • Camera – Flash keyboard can take pictures and record video with your smartphone’s camera.

Learn More about Android App Permissions

These are just a few examples. Also, if installed, Flash Keyboard can force stop other apps, download files without notification, and other intrusive actions. There are also special permissions that prevent users from uninstalling the app easily and put unwanted ads on the lock screen.

Why Does Flash Keyboard Require So Many Permissions?

Why would a simple keyboard app need so many permissions to work? The answer is that it doesn’t. Flash Keyboard is bordering on being a PUP, if not outright malware. While the app can still be technically considered useful, the special permission cannot. Flash Keyboard’s collected user data is said to be send to servers in the USA, the Netherlands and China. The app collects so much personal data that it’s hard to classify it as anything other than spyware.

Google Took Down Flash Keyboard, but Now It’s Back

After a report by Pentest Google took down the app from the Google Play store. However, the app is back and the intrusive permissions are still there.

Flash Keyboard and Similar Google Play Apps: Permission to Steal

This kind of excessive permission requirement is commonplace in the Android store. A huge chunk of the apps ask for access to data that is in no way needed for their app to run. Sadly, people are willing to give them these permissions, mostly out of ignorance as to what they are actually giving away. If there were a bigger user outcry against this kind of data collection, companies would likely stop getting away with it so easily. That’s why people should know more about cyber security. A little knowledge goes a long way to fight unethical cyber behavior by developers such as the ones who made Flash Keyboard.

How to Avoid Data Collection In The Google Play Store

Flash Keyboard was a very popular in Google Play, which proves that even big name apps can turn out to be malicious. Don’t trust someone just because of their big name. Before installing an app, check the permissions set by the developers. If an app wants access to parts of your phone that have nothing to do with its functions (a.i. Flash Keyboard wanting access to your Camera), then it’s wise not to download it. Remember that this kind of data collection can only happen with user consent.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.