Who/what is Ai.Type?
Ai.Type designs and develops custom keyboards for mobile devices. Their target audience includes anyone who uses a smart phone and wants to customise their experience.
What happened and why?
31 million Android users personal data was publicly visible in a misconfigured MongoDB database. Sources haven't confirmed of any malicious data breach yet, but security researchers stumbled across the exposed database. Access was gained by simply navigating to the database location due to the lack of requiring a password.
The app requested permissions to access a huge amount of the users personal data. A full list taken from the researchers report can be seen below:
Phone number, full name of the owner, device name and model, mobile network name, SMS number, screen resolution, user languages enabled, Android version, IMSI number (international mobile subscriber identity used for interconnection), IMEI number (a unique number given to every single mobile phone), emails associated with the phone, country of residence, links and the information associated with the social media profiles (birthdate, title, emails etc.) and photo (links to Google+, Facebook etc.), IP (if available), location details (long/lat).
Not only did the app request a huge amount of the users data, the 577gb's of data were public facing, without any means of security.
Could this be avoided and how?
Naturally, setting a password would have prevented the data from being easily visible without any hassle. Securing the database with a password might not necessarily prevent a breach, however it would definitely be enough of an deterrent for the majority of attackers.
Advice for future users?
Whether you were a user of Ai.Type or not, it is always important to check the permissions requested by an app rather than just accepting them on installation and never assume that your personal data is safe. Naturally, don't become paranoid about every app installed on your phone but just keep an eye out for any potential dangers lurking in the piles of apps.