Light Dark
August 2, 2016 By Larry Loeb 2 min read

SwiftKey, the popular keyboard app that was bought by Microsoft earlier in the year, posted an entry on its blog that outlined immediate changes to its cloud sync service.

Unexpected Predictions

“This week, a few of our customers noticed unexpected predictions where unfamiliar terms and, in some rare cases, emails, appeared when using their mobile phone,” the post read. “We are working quickly to resolve this inconvenience.”

SwiftKey asserted that the irregularities did not pose a security threat to its customers. As a precaution, however, the app has disabled its cloud sync service and email address predictions.

The company admitted that the app’s email address predictor could generate another customer’s email address, and other “unfamiliar predictions” could show up as well. Even if it modifies the methods for harvesting typed emails, SwiftKey still has these unfamiliar phrases coming from somewhere.

It’s good that it is “working quickly” to resolve this major inconvenience, which stops the keyboard from performing the basic function that someone would want it to do in the first place. Without it, why even have the app on your phone?

Strange Suggestions

“A few users on Reddit have noticed that it’s been offering strange suggestions — including emails they’ve never seen and foreign language terms they’ve never used,” CSO Online reported.

The source also noted that one user got a brand new language in the deal. “And now, I’m getting someone else’s German predictions,” CSO Online quoted one user, who recently rooted a Samsung Galaxy S6 phone, as writing. “I have never typed German in my entire life.”

SwiftKey and Passwords

SwiftKey has said that it doesn’t collect any password or credit card data that may be typed by users. While that seems reassuring, consider that the tool has to recognize that the user-typed string is indeed a password. Otherwise, how can it assert that it is not storing it with other user-generated string data?

Microsoft hasn’t said when the cloud syncing feature could return, but one can only hope it will be working properly when it does come back.

 |  | 
Larry Loeb
Principal, PBC Enterprises

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature