We rely on our apps. Every day, we use our favorites to check the news, the weather forecast for our upcoming holidays, and to communicate with our beloved ones. Some apps, especially system apps, are continuously used regardless of other apps that are in use. Keyboard is one of them.
Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected to an open or public Wi-Fi network, your phone is under risk of a very common –and dangerous –attack: the man-in-the-middle. MITM compromises your connection, allowing a third party to eavesdrop on your Internet activity. This includes the passwords you’re entering using the very same keyboard, your financial information—everything.
Your security depends on the use of a VPN. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Like our product Avast SecureLine, a VPN creates an encrypted tunnel for inbound and outbound data of your Internet connection, blocking any possibility of a man-in-the-middle attack.
Unfortunately, the story does not end here. If you use SwiftKey while connected to an insecure Wi-Fi network, the attacker can also download malware into your phone or tablet. This is where Avast Mobile Security & Antivirus (AMS) comes into play. Some users think that we don’t need a security product in our phones. They might also think that antivirus companies exaggerate the need for security apps just to sell their products. Not only does AMS scan the installation process of apps, but it also checks the Internet sites you’re visiting and malicious behavior of any file in your device.
There is another need for a security program. When Google updates its app permission scheme in Lollipop, we’re alerted of a possible abuse of the scheme if an app requires more permissions under the “Other”category. However, in the next Android version M, apps will not ask permission for Internet connection (as you may think that any app requires Internet connection, right)?
If you have a Samsung S4, S5 or S6, running the stock operational system still poses as a risk —currently, the vulnerability has still yet to be resolved by SwitfKey nor Samsung. On the brighter side, you’re in luck if you use SwiftKey from Google Play (as an user app, not a system one) as it does not suffer from this issue.
You’re as secure as your apps’developers allow them to be. As shown in this case, even the most useful, popular app can contain vulnerabilities that could be abused without making use of proper protection when connecting to open Wi-Fi networks and having an up-to-date security app running in your Android..