情报来源(英文):
https://betanews.com/2017/09/21/go-keyboard-spying-warning/
Reddit讨论串(英文):
https://goo.gl/vjBQ8Y
中国新闻(简体):
https://goo.gl/FtDvtH
没打算全部翻译,就节录一些段落。
Adguard的资安团队警告,由中国GOMO开发团队开发的GO keyboard正监视用户,包含回传
个资到远端服务器,甚至使用禁止的技术下载危险的可执行代码。(原文第一段)
虽然在app的描述页面,开发者表明了不会收集用户资料,但显然与他们的隐私政策相背
。(原文第四段)
"Without explicit user consent, the GO keyboard reports to its servers your Go
ogle account email in addition to language, IMSI, location, network type, scre
en size, Android version and build, device model, etc."
未经用户特别同意,GO keyboard会回传你的Google信箱帐号,包含语言、IMSI、地点、
网络种类、萤幕大小、安卓版本和建置、装置资讯等等,至他们的服务器。
"Google's policies also ban the practice of downloading “executable code, suc
h as dex files or native code, from a source other than Google Play.” Again,
Adguard found that this is exactly what GO Keyboard is doing — downloading an
d executing code from a remote server."
谷歌的政策也禁止自Google play以外的地方下载可执行代码,例如dex档和本地码。 一样地,Adguard发现这正是GO keyboard正在做的