Swiftkey Pauses Cloud Syncing, Leaks Private Data
Swiftkey (recently annexed by Micrsoft) is one of the most used 3rd party smartphone keyboard, well known among Android and iOS users. One of the features I personally love (well, “loved”) about it, is the fact that it saves the user dictionary in it’s own servers. So, even if you get your phone wiped or if you switch phones you can just install the application, login to your account and get all your user-defined words, emails, any slang or lingo into that device. This had been introduced by the company in beta, back in 2013. I remember using that back then, and ever since.
Around a week back, I had started to notice a lot of posts at reddit, twitter stating that people had predictions of emails and passwords that didn’t belong to them. I found it suspicious, but thought it was just a little bug. A friend of mine then reported the same. I use a Xiaomi Redmi Note 3, where the swiftkey comes pre-installed. I was obviously concerned about my security and privacy thus I uninstalled the application and deleted my swiftkey cloud account.
Then, a series of posts got published. The posts were from blogs like Verge, Android Authority, BGR which confirmed that Swiftkey was actually leaking user information to other users. I made a post on Facebook asking people to uninstall the app for now.
Now, the company has paused the cloud-sync feature. They’ll probably fix it soon, as they have a LOT (One million+ users) .We can only hope such a thing never happens again, and I will be reporting what happens to Cloud sync and Swiftkey when we get some information on it. Until then, this is Bharadwaj Giridhar (@goforbg) signing out, #Peace!