Even those Android users who are extremely security-conscious and read all the user agreements may be overlooking some not so obvious methods through which some malicious apps may extract a lot of information about them. According to a latest report of a research firm – UC Davis, the gyroscope Sensors of a smartphone may reveal even the keystrokes entered by the users.
The researchers have come out with a concept app, which is named as TouchLogger, as a proof. The basic problem identified by the researchers is that most users don’t consider it as security risk if any App has access to their gyroscope data.
Whenever the users tap the screen, there are some predictable shifts in the positioning of the phone, so the gyroscope can simply figure out which keys you are tapping on the screen.
The proof of concept app is not really accurate – its accuracy, in reading which keys are being tapped, is only about 70 per cent.
But then even 70 per cent accuracy is big trouble if the users are typing their bank account pin/password on their smartphone’s touchscreen. There is every possibility that if further analysis is conducted on the app, the accuracy may improve.
Since all the smartphones use gyroscopes, the vulnerability lies in all the smartphones, whichever platform they might be using.
The keystrokes pressed on the bigger devices may be predicted more accurately since there is more space on the keyboard of tablets, so the shift in the orientation of the tablet may be more perceptible. As a result, the smartphone operating systems may, in future, incorporate a security mechanism to prevent the gyroscope from accessing such data.