Microsoft's SwiftKey suspends sync after keyboard leaks strangers' contact details

SwiftKey has switched off its sync service after users began receiving odd predictions, apparently from other people's devices.
Written by Liam Tung, Contributing Writer

As well as offering odd predictions, the bug also seems to suggest them in foreign languages users have never used before.

Image: SwiftKey

Microsoft-owned SwiftKey has suspended its cloud-sync service and switched off email address predictions after multiple reports of the keyboard app delivering suggestions for strangers' email addresses and phone numbers.

The move followed reports a week ago that the app was offering up email addresses to people they've never met.

According The Telegraph, one user claimed to have been contacted by a stranger and told that their brand-new phone had suggested two of the user's email addresses, as well as contact phone numbers.

Reports of the bug also cite some users receiving predictions in languages they'd never used previously.

"I logged into SwiftKey with Google+ and now, I'm getting someone else's German predictions with only English (UK) pack installed. I have never typed German in my entire life," one Reddit user reported last week.

"I just went to the Gmail login ID field and I saw someone else's email as a suggestion," wrote another Reddit user, who reported that the app was erroneously offering Spanish suggestions.

SwiftKey has been one of the most popular third-party keyboards for Android for several years, but only arrived on iPhones after Apple relaxed rules in iOS 8.

For iOS, SwiftKey says words and phrases never leave a device unless the user has opted in to the SwiftKey Cloud service.

SwiftKey on Friday suggested the leaked contact details are due to a glitch in this sync service, which normally backs up what the app learns about a user to SwiftKey servers and then syncs that data to the user's other devices.

While apparently mixing up those details with wrong accounts could be a potential privacy nightmare, SwiftKey said the issue was not widespread and that it didn't pose a security risk to customers.

"This week, a few of our customers noticed unexpected predictions where unfamiliar terms, and in some rare cases emails, appeared when using their mobile phone. We are working quickly to resolve this inconvenience," the developer said.

"While this did not pose a security issue for our customers, we have turned off the cloud sync service and have updated our applications to remove email address predictions. During this time, it will not be possible to back up your SwiftKey language model."

Microsoft acquired SwiftKey for a reported £250m earlier this year, in part to further its development of natural language processing and artificial intelligence. SwiftKey technology also helped Microsoft deliver its Word Flow keyboard app for iOS.

For Microsoft, it's the second recent app acquisition that has triggered concerns over security and privacy. The EU parliament and several universities last year began blocking Microsoft's Acompli-based Outlook app due to concerns over the way it stores login credentials.

Read more on SwiftKey

Editorial standards