Naked Security

SwiftKey pulls the plug on its leaky sync

No need to panic, the company says, after mixing up cloud-synced accounts, languages, email addresses and phone numbers

Mobile device typing predictor app SwiftKey has shut down its cloud-syncing service after mixing up strangers’ accounts, with users reporting that it was suggesting others’ email addresses, recently called numbers, and languages.

Or, to work off of the word selections one Reddit user found on a Galaxy S6 10 days ago, “Ich habe die” what now?!

As screen captures appear to show, SwiftKey was suggesting to Reddit user JawaharlalNehru somebody else’s Yahoo email address and German predictions, though he or she says they’ve never typed a word of German:

Today my galaxy s6 finally went out of warranty. So I rooted it and installed the XtreStoLite rom.
Then I restored all my apps from the play store.
I logged into SwiftKey with Google+.
And now, I’m getting someone else’s German predictions with only English(uk) pack installed. I have never typed German in my entire life…
I also was suggested an email id in an email field.

JawaharlalNehru reports that they went on to delete the SwiftKey account, but the German suggestions and the email ID persisted.

Another Reddit user reported that they were getting Spanish suggestions after a factory reset on another Samsung device: a Galaxy Note 4.

The free app, which uses artificial intelligence (AI) to predict the next word you want to write (or an emoji that might fit the bill), has been around on Android for years and it’s also now available for iOS.

Microsoft, interested in all things AI these days, purchased SwiftKey in February for a reported $250 million.

The app has access to a user’s typing history, including emails, social media conversations, and text messages. SwiftKey analyzes it all to incrementally learn usage patterns.

What does Microsoft want with our typing histories? Well, if it’s anything like Microsoft’s other AI adventures, it could well have to do with mining for marketing gold.

In December, we learned that Microsoft was training AI to read facial recognition: something that Microsoft’s Technology and Research group suggested developers might want to use to create systems that marketers can use to “gauge people’s reaction to a store display, movie or food.”

Last week, SwiftKey developers suspended its cloud sync service and removed email address predictions.

The company said on Friday that only a few users had been affected.

According to The Telegraph, one of those users claimed to have been contacted by a stranger and told that their brand-new phone had suggested two of the user’s email addresses, as well as contact phone numbers, when they were logging into an online account.

The Telegraph quotes the user:

A few days ago, I received an email from a complete stranger asking if I had recently purchased and returned a particular model of mobile phone, adding that not one but two of my email addresses (one personal and one work address) were saved on the phone she had just bought as brand-new.

The affected user said that the stranger went through each letter of the alphabet and relayed what the suggested words were. They included the names of the user’s friends and email addresses – even email addresses connecting to what should be private, work-related servers.

It also suggested, when she typed a zero, the telephone number for someone I had phoned recently.

SwiftKey had this to say on its blog:

This week, a few of our customers noticed unexpected predictions where unfamiliar terms, and in some rare cases emails, appeared when using their mobile phone. We are working quickly to resolve this inconvenience.

While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions. During this time, it will not be possible to back up your SwiftKey language model.

A SwiftKey spokesperson told The Telegraph that the app is safe to use. It promised to update its blog with more news as it works out the kinks en este aplicación dañada.


5 Comments

Lisa, I have a correction, but it’s for SwiftKey’s PR blog entry, and not your article:

‘While this did not pose a security issue for our customers, we have turned [the entire definition of “security issue” on its ear]’

Yikes

Why would anyone pay for the SwiftKey app (or Swype), now that Google provides a free app, Google Keyboard, with the same function?

Choice? Spreading your personal info through a number of companies that collect usage data about you, so it’s not Google getting everything? (Same sort of reason some people who use Gmail try to stick to Bing for search, or who use Google for search try to stick to Outlook.com for email?) Maybe you aren’t using Google’s distribution of Android, but are using AOSP or CyanogenMod or some other firmware build, so that Google’s app isn’t free? Maybe you just like supporting alternative vendors with alternative products? Lots of reasons out there :-)

“as it works out the kinks en este aplicación dañada.” Got a bit of the SwiftKey mixed up language suggestions into the article? :)
