SwiftKey users reported seeing other users’ email addresses and autocorrect suggestions, prompting SwiftKey to shut down its cloud sync service
Keyboard maker SwiftKey has been forced to turn off its cloud sync service after the app started leaking user email addresses.
Last weekend some SwiftKey users took to Reddit to complain that they were seeing their SwiftKey app’s autocorrect suggest email addresses and words in a different language to their own.
“I’m getting someone else’s German predictions with only English(uk) pack installed. I have never typed German in my entire life,” said Reddit user JawaharlaNehru, in a post titled ‘Holy F**k! SwiftKey is giving me someone else’s suggestions. Including email IDs and all.’
“I also was suggested an email id in an email field,” the user said.
Last Monday, SwiftKey responded to the data leak in a blog post, but claimed the bug did not pose any security issues.
“This week, a few of our customers noticed unexpected predictions where unfamiliar terms, and in some rare cases emails, appeared when using their mobile phone. We are working quickly to resolve this inconvenience,” said SwiftKey.
“While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions.”
Microsoft acquired London-based SwiftKey back in February, paying $250 million (£189m) for the service, which is available on both iOS and Android.
The app has more than 300 million users worldwide, but this incident is not the first security issue to plague the app.
In 2015, Samsung rushed to fix a critical vulnerability found in the preinstalled SwiftKey keyboard app shipped with millions of its smartphones.
The vulnerability, discovered by Ryan Welton, mobile security specialist at NowSecure, allowed attackers to remotely execute code as a privileged (system) user, and affected models including the Samsung Galaxy S6, S5, S4 and S4 mini.
At the time, SwiftKey told TechWeekEurope that the vulnerability was down to the way that Samsung integrated the app onto its smartphones.
“We supply Samsung with the core technology that powers the word predictions in their keyboard,” the company said. “It appears that the way this technology was integrated on Samsung devices introduced the security vulnerability. We are doing everything we can to support our long-time partner Samsung in their efforts to resolve this important security issue.”