The version of SwiftKey that Samsung ships with its Galaxy phones has a major vulnerability, and it can’t be eradicated simply by removing the app itself.
NowSecure highlighted the vulnerability, which affects the preinstalled and unfortunately non-removable version of SwiftKey found on most Samsung Galaxy devices. When the Galaxy OEM version of SwiftKey decides to update itself, it does so without user intervention and writes the update as a system user. That’s a very privileged position in the system hierarchy, which opens the door to a potential attack if the update happens on an insecure Wi-Fi network set up to exploit this particular vulnerability.
Annoyingly, not only can you not uninstall SwiftKey to remove the problem, but installing an updated version of the Google Play SwiftKey app won’t remove the issue either. Samsung was apparently alerted to the issue in 2014, and some carriers may have included patches to mitigate it, but it’s not clear whether everyone has to date.