Home > Cyber News > Flash Keyboard – a Potential Malware with 50 Million Installs on the Google Play Store

Flash Keyboard – a Potential Malware with 50 Million Installs on the Google Play Store

unnamedFlash keyboard is an alternative Android keyboard that’s sold on the official Google Play store. The app could be considered malware, as the permissions required are used to collect personal information. Flash Keyboard has been installed more than 50 million times, and it’s once again available after Google Play deleted it for a short time.

Specifics of Flash Keyboard

Here’s a short excerpt list of Flash Keyboard’s required permissions. The app has access to:

  • Device and app history – sensitive log data and running apps.
  • Identity – the app can read the accounts and contacts on your device.
  • Location – the precise GPS/ Network location of your device.
  • SMS- the app can read your SMS texts.
  • Camera – Flash keyboard can take pictures and record video with your smartphone’s camera.

Learn More about Android App Permissions

These are just a few examples. Also, if installed, Flash Keyboard can force stop other apps, download files without notification, and other intrusive actions. There are also special permissions that prevent users from uninstalling the app easily and put unwanted ads on the lock screen.

Why Does Flash Keyboard Require So Many Permissions?

Why would a simple keyboard app need so many permissions to work? The answer is that it doesn’t. Flash Keyboard is bordering on being a PUP, if not outright malware. While the app can still be technically considered useful, the special permission cannot. Flash Keyboard’s collected user data is said to be send to servers in the USA, the Netherlands and China. The app collects so much personal data that it’s hard to classify it as anything other than spyware.

Google Took Down Flash Keyboard, but Now It’s Back

After a report by Pentest Google took down the app from the Google Play store. However, the app is back and the intrusive permissions are still there.

Flash Keyboard and Similar Google Play Apps: Permission to Steal

This kind of excessive permission requirement is commonplace in the Android store. A huge chunk of the apps ask for access to data that is in no way needed for their app to run. Sadly, people are willing to give them these permissions, mostly out of ignorance as to what they are actually giving away. If there were a bigger user outcry against this kind of data collection, companies would likely stop getting away with it so easily. That’s why people should know more about cyber security. A little knowledge goes a long way to fight unethical cyber behavior by developers such as the ones who made Flash Keyboard.

How to Avoid Data Collection In The Google Play Store

Flash Keyboard was a very popular in Google Play, which proves that even big name apps can turn out to be malicious. Don’t trust someone just because of their big name. Before installing an app, check the permissions set by the developers. If an app wants access to parts of your phone that have nothing to do with its functions (a.i. Flash Keyboard wanting access to your Camera), then it’s wise not to download it. Remember that this kind of data collection can only happen with user consent.

Ventsislav Krastev

Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *