Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Input Devices Privacy

Some Users Find Swype Keyboard App Makes 4000+ Location Requests Per Day 191

New submitter postglock (917809) writes "Swype is a popular third-party keyboard for Android phones (and also available for Windows phones and other platforms). It's currently the second-most-popular paid keyboard in Google Play (behind SwiftKey), and the 17th highest of all paid apps. Recently, users have discovered that it's been accessing location data extremely frequently, making almost 4000 requests per day, or 2.5 requests per minute. The developers claim that this is to facilitate implementation of 'regional dialects,' but cannot explain why such frequent polling is required, or why this still occurs if the regional function is disabled. Some custom ROMs such as Cyanogenmod can block this tracking, but most users would be unaware that such tracking is even occurring." Readers in the linked thread don't all seem to see the same thing; if you are a Swype user, do you see thousands of location requests, none, or something in between?
This discussion has been archived. No new comments can be posted.

Some Users Find Swype Keyboard App Makes 4000+ Location Requests Per Day

Comments Filter:
  • by Torp ( 199297 ) on Sunday May 04, 2014 @06:07AM (#46912065)

    ... than malice.
    Or malice (location tracking) plus gross incompetence in implementation.

    • by mrxak ( 727974 ) on Sunday May 04, 2014 @06:09AM (#46912073)

      Either way, I'm glad I don't use Swype.

      • by TheRaven64 ( 641858 ) on Sunday May 04, 2014 @06:34AM (#46912145) Journal
        The Google Keyboard for Android sends what you're typing to Google servers 'to improve suggestions,' so I don't think that asking for your location a lot is the worst invasion of privacy of a mainstream on-screen keyboard app. The AOSP keyboard also requires a phenomenal list of permissions, including the ability to download files without notification, read contacts, modify or delete contents of USB storage and view accounts on the device. No idea why it needs all of these things - I wouldn't mind so much if it had access to all of my data for improving predictions if it didn't also have the ability to make network connections.
        • by robmv ( 855035 ) on Sunday May 04, 2014 @07:01AM (#46912217)

          download files without notification: dictionary updates
          read contacts: suggestions
          modify or delete contents of USB storage: I don't know why it needs this one, store dictionary outside private app directory?
          view accounts on the device: suggest your email address

          • by TheRaven64 ( 641858 ) on Sunday May 04, 2014 @08:21AM (#46912475) Journal

            download files without notification: dictionary updates

            Could be bundled as part of the application, updated via the normal mechanism, without requiring it to have a permission that allows it to send data remotely ('download' can mean an HTTP GET with a really long query).

            read contacts: suggestions

            Most of the time, I'm not typing a contact's name so this sounds like it would lead to a lot of false positives. I've never seen it suggest a name that isn't a common English name though, so it doesn't seem to actually need this.

            modify or delete contents of USB storage: I don't know why it needs this one, store dictionary outside private app directory?

            If that is the case, it's bad design.

            view accounts on the device: suggest your email address

            It doesn't seem to ever do that for me...

            • by AuMatar ( 183847 )

              You're wrong on a lot of levels.

              Dictionary updates can't be bundled when you have 80+ languages of over 1 MB each. OEMs and consumers complain about apk size already, and different languages will be updated at different rates. You don't want to make everyone download a new version because hinglish was updated (yes, that's a real language). Thus downloads from the internet.

              Reading contacts- It suggests my contact's names a fair amount of the time. Of course I have a lot of non-english names in my contac

              • Dictionary updates can't be bundled when you have 80+ languages

                Then the maker of Swype should release a dictionary app for each language, with a name like "Swype in Hinglish". Because different Android applications built with the same publisher certificate can communicate pretty much freely, the word completion would rely on a database stored in the dictionary app. (Only updates to standard English would trigger updates of the Swype app itself.) Then the user could install an app for each language that she uses, and when the maker of Swype wants to update a dictionary,

                • by AuMatar ( 183847 )

                  Yeah. Now in the real world multi-lingual users don't want to download multiple keyboards and switch between them, and if you release multiple keyboards with multiple feature sets you just have an organization nightmare that will confuse users. Plus you seem unprofessional- what app on your phone or your computer can't just download needed extensions automatically when you hit the install button for the feature? Nothing made in the last 10 years.

                  • by tepples ( 727027 )

                    Now in the real world multi-lingual users don't want to download multiple keyboards and switch between them

                    You'd download one app (Swype) and it'd come with the English dictionary. Then you'd download additional apps (Swype en español, Swype auf Deutsch, Swype Knows Your Name, Swype Local, etc.) that provide dictionary services to the main Swype app. Only Swype Knows Your Name would see contacts, and only Swype Local would see location.

                    what app on your phone or your computer can't just download needed extensions automatically when you hit the install button for the feature?

                    When you tap Install, it'd take you to the extension's Play Store page to download it.

              • Facebook, cant even run from SD card, cant even use Sdcard data... Just waste the space on the main core flash.

                Are there idiots at facebook?

          • You used to need the write to external storage permission to save the app to the external Smart Card. My old Hauwei Ascend ii had 128 megs of internal ram. A few updates from google and that was full, so if your app couldn't install to my 8 gig sim card then your app wasn't getting installed on my phone.
        • by Lumpy ( 12016 )

          Which is why the hacker keyboard is on mine. it doesnt do any of this crap.

        • by allo ( 1728082 )

          use the aosp one.

        • by knarf ( 34928 )

          Just put it behind the firewall, no more requests to Google. Use something like privacy guard (in CM) or a similar 'datawall' to keep it from your personal data. Disable location, who needs it anyway? The mere fact that these devices can be tethered to your every personal detail does not mean you should - or want.

          Don't use a factory distribution. Build one yourself, or use a build from somewhere you trust. Root your phone. Use a firewall. Use a 'datawall'.

          For those of you inclined to start proselytizing for

        • by WaffleMonster ( 969671 ) on Sunday May 04, 2014 @02:08PM (#46914351)

          The Google Keyboard for Android sends what you're typing to Google servers 'to improve suggestions,'

          Google keyboard provides an option to turn the feature off so there is that.

          so I don't think that asking for your location a lot

          Is it asking for your location? Is a list of take it or leave it demands most apps make these days really asking a question?

          is the worst invasion of privacy of a mainstream on-screen keyboard app.

          Perfectly happy to declare all of these fine contestants winners of the privacy invasion contest. I must say proliferation of cheesy excuses to collect data is truly inspired. We need to know where you are at all times physically to configure a localization setting...yea that's it...

      • why would *anyone* use swype now? samsung phones have built in swiping keyboard, so do nexus phones. i guess it's those other 10% android suckers.

    • Read their FAQ about
      "Living language"
      This data mining ain't
      Excess baggage!

      BURMA SHAVE

    • Does the app send the location data anywhere?

      Outside of a small delay, it probably would be just fine only looking up the location when the app is first opened and when it opens every 5 hours or so. Maybe even less- especially when the regional function is turned off.

      2.5 times a minute is definitely tracking in the literal sense. They would know everywhere you went and probably even when you went to the restroom assuming you had the phone in your pocket. I run wigle every once in a while and while I would e

    • by Nikker ( 749551 )
      According to Google Play Store this app has about 40K installs. We are saying that 40K x (60x60x24) x 2.5 = 8,640,000,000 rows added per day is something that not even the DBA noticed?

      That's a bit of a stretch.
      • by Nikker ( 749551 )
        Mistake on my math that would have been 2.5 / second, the real number would be:

        40,000 x (60x24x2.5) = 144,000,000 rows per day (still quite a bit).
        • by msauve ( 701917 )
          Swype comes standard with a lot of phones (although not necessarily the default keyboard. For example, many Samsung Galaxy S4s come with it pre-installed. And they've sold 40 million of those.

          Your first try was probably more accurate, even if the math was wrong.
      • Has it been shown that the app has actually been uploading or storing any data? or is it just simply polling the GPS subsystem for location information?
  • by jones_supa ( 887896 ) on Sunday May 04, 2014 @06:18AM (#46912097)
    "Regional dialects". :D What an explanation.
    • You need to understand that this application is trying to anticipate what you're trying to type before you type it. If you're at a stop&go and you start to type "I'm getting..." your next word might be Gas, Beer or robbed but it's probably not going to be "ready for work" that would be more likely if you were at home.

      So by saying "regional dialects" they might mean far more specific regions than you're thinking and they just communicated it very poorly.

      • Aha!
      • Yes, but no matter where you are if you're in an 'update' on some social networking thing, the logical choice is "I'm getting stupid" so no further scanning is necessary.

      • Re:Regional dialects (Score:5, Informative)

        by BasilBrush ( 643681 ) on Sunday May 04, 2014 @11:12AM (#46913197)

        You need to understand that this application is trying to anticipate what you're trying to type before you type it. If you're at a stop&go and you start to type "I'm getting..." your next word might be Gas, Beer or robbed but it's probably not going to be "ready for work" that would be more likely if you were at home.

        That's quite a fairy tale you've constructed there to excuse a spyware app on your favoured phone platform.

        • by AK Marc ( 707885 )
          how does that work? I've seen lots of complaints that it checks location often. But I've seen no assertions that it sends it back "home".Spyware that sends nothing to anyone.
    • regional dialects, my ass!

      well, bless their hearts.

    • by allo ( 1728082 )

      yeah, because you totally want to use the local dialect, as soon as you are there.

    • Say I'm ganning, I mean going from Newcastle to London. That's about 300 miles, and I'll go from "Why aye man" via "Eee by 'eck" and "alright me duck" to "gor love a duck, guvnor".

      That's a change every 8 minutes - if I'm traveling in a jet fighter..

      By my reckoning it's polling 20 times as often as it could ever need to.

    • When you see how militant some Slashdot users get about whether or not to spell "color" with a "u", you'll understand.
    • by AuMatar ( 183847 )

      Disclosure: I worked at Swype 2 years ago. I left 6 months after the buyout. At that time we didn't make any requests for location.

      However, I am currently on a trip to Europe, and I use Swype. It definitely added place names (Catalunya or Palau would not be in a native english dictionary, but were swypable for me in Barcelona). It was a useful feature. There should definitely be a way to turn it off, and doing so should stop it from requesting any location information. But the explanation is reasonab

      • Disclosure: I worked at Swype 2 years ago. I left 6 months after the buyout. At that time we didn't make any requests for location.

        I'm not sure how much you can disclose, but there seems to be a general discontent with Nuance and their level of competence since the takeover. I was wondering if you can shed any light on this, and the future development of Swype.

        I think Android in general needs to be more granular with permissions- I should be able to turn on and off permissions by app, and the OS should return a reasonable default or throw an exception if the permission isn't granted.

        That's one of the advantages of Cyanogenmod (and presumably other custom ROMs). Hopefully this feature will roll out into most ROMs one day.

  • by Tasha26 ( 1613349 ) on Sunday May 04, 2014 @06:40AM (#46912163) Homepage
    Each time an App wanted to update in the last 6 months, it was to increase its access to areas of my Samsung phone that I thought were completely un-necessary for it to work properly. Makes you wonder who in the Google Store is rubber stamping the ok on such Apps! When will privacy groups wake up and start lawsuits against App makers and/or Google? Maybe it will fist require a popular tech website to run a Top-10 Worst Privacy Infringing Apps in Google store.
    • by jones_supa ( 887896 ) on Sunday May 04, 2014 @06:58AM (#46912207)

      Maybe it will fist require a popular tech website to run a Top-10 Worst Privacy Infringing Apps in Google store.

      Could as well flip it around and instead make a third party give a "Privacy Gold Star" for apps that don't infringe your privacy and don't require unnecessary permissions from the phone operating system.

    • I agree that are asking for absurd permissions, but I don't see the store as responsible for policing app permissions. Rather, you and I do so by refusing those updates and by not installing the apps on the first place.

      If most consumers don't care, then we who do need to live in the "long tail"; mainstream apps won't cater to us.

      • The store doesn't offer any means of sorting by permissions or hiding apps that request permissions you don't want to give. Trying to find the one good solitaire app or simple flashlight app requires individually clicking on several dozen apps to find the one that doesn't want any permissions. Several will ask for your GPS, phone book, calendar, and full internet access.
      • Since when is just not using something a solution to a problem of artificial scarcity?

        The whole problem is that the App does what it is supposed to do...the system works...it's that for purely abstract economic beliefs the makers of the App make arbitrary intrusions into your personal information

        The whole problem is that people look at this relationsship and **do not see a problem of design**...instead the other option is to, essentially, "fsck off"

        No. Stop using this logic when discussing the solution to a

    • by Solandri ( 704621 ) on Sunday May 04, 2014 @07:43AM (#46912331)
      If you're rooted, you can install XPrivacy [xda-developers.com]. It doesn't try to block these apps, it just spoofs the data. So if I haven't given Swype permission to access location data, it will just get fed random locations all over the world every time it thinks it's getting my location.
    • Re: (Score:2, Informative)

      by Anonymous Coward

      In the early 00's the requirement for having a firewall and an antivirus on your average Windows desktop PC went from 'good practice' to 'mandatory' as the number of malware types and exploits on the web exploded.
      With Android, it is swiftly thus becoming 'mandatory' to root your phone and install XPrivacy (or similar). Most people just have not realised yet quite how badly they need it.

    • by quetwo ( 1203948 ) on Sunday May 04, 2014 @08:38AM (#46912529) Homepage

      Hate to break it to you -- there is no human intervention required to publish to the Google Play Store, unlike the Apple App Store. The time from the last compile to the app being live in the store is about 15 minutes. So, to answer your wonder -- there is a lonely robot rubber stamping the ok on all those apps...

      Downloader beware!

      • So, to answer your wonder -- there is a lonely robot rubber stamping the ok on all those....

        ridiculous news stories, anti-logic Congress Bills, TED Talks, and unfortunately alot of published research in the Social Sciences

        it's about the editorial function...something bean counters and oligarchs both see as unecessary...

        apply to coding appropraitely...the paralells of system dynamics are everywhere

      • by AuMatar ( 183847 )

        As it should be. I don't want any company deciding what I can and can't download. Apple has been shown multiple times to stomp down on free speech or any app that they decide is to close to what they already do destroying competition (or worse, anything they plan to do soon, which they've used as a reason to pull apps several times). The app store should be a delivery man, not a decider on content. The only thing it should be screening for is malware.

        • The only thing [the App Store review process] should be screening for is malware.

          A lot of arguments are won and lost on defining terms [c2.com]. The question you're implicitly asking is who gets to define malware. Apple thinks any application that can reconfigure your device's Wi-Fi settings is malware. But if you seek a tool to discover or troubleshoot Wi-Fi networks, then you disagree that it is malware. And this disagreement is why the WiFi-Where application is not available for iPod touch, iPhone, or iPad.

          • by jedidiah ( 1196 )

            It's a little more subtle than that. Malware is anything that does what it's not supposed to do. Nothing short of a power user tool should be screwing around wtih your wi-fi. This is something that should be enforced by Android as a defined role.

            It's not the sort of thing that Apple would enforce by role because Apple doesn't acknowledge the validity of a power user. They go out of their way to denigrate and marginalize power users.

    • by nblender ( 741424 ) on Sunday May 04, 2014 @08:50AM (#46912595)

      This is one of the things I hate most about Android (having recently switched from an iphone to a Nexus5). I tried to install flashlight app but the top 5 or 10 all wanted egregious access to my phonecalls, instant messages, or full network access. I gave up.

      Later I read a slashdot comment from an Android app developer who said shortly after making his app available in the Play Store, he started receiving messages from individuals offering to pay him a per-download commission on his app if he would consent to linking their "library" in with his app... It was a very attractive commission... So that explains the requests for access to unreasonable things... I don't know how this is different in IOS-land... Maybe the apps just get that access without anyone knowing? Or maybe someone at the App store decides whether a flashlight app needs access to instant message logs ...

      • Re: (Score:3, Interesting)

        by BasilBrush ( 643681 )

        I don't know how this is different in IOS-land... Maybe the apps just get that access without anyone knowing? Or maybe someone at the App store decides whether a flashlight app needs access to instant message logs ...

        First of all ever app operates in it's own sandbox, so no app can access the data of another app. So the scenario you suggest isn't possible on iOS.

        Secondly, yes, there's an app reviewer, assisted by automated tools, that's looking for whether your app does bad things.

        Thirdly, things such as requesting your location, as in this Swype example, then the OS pops up a dialog asking permission when the app first tries to do it. You can allow it or deny it. And you can change the permission whenever you like via

        • First of all ever app operates in it's own sandbox, so no app can access the data of another app.

          Is this why users can't upload text documents created in a word processing app to a web form?

          Secondly, yes, there's an app reviewer, assisted by automated tools, that's looking for whether your app does bad things.

          I would like to know what this app reviewer currently considers to be "bad things", so that I know what applications I won't have any chance of finding in the App Store before I spend $299 plus tax on a device. Unlike Microsoft, which publishes its review guidelines for Windows Store and Windows Phone Store [microsoft.com], Apple has chosen to keep this information behind the iOS Developer Program paywall. The widely leaked version

      • For basic apps like that, install the F-Droid installer. It only includes open source applications, built directly from source.
      • I tried to install flashlight app but the top 5 or 10 all wanted egregious access to my phonecalls, instant messages, or full network access. I gave up.

        Permissions Manager LBE [xda-developers.com] is the kind of thing Apple would never allow on iOS. You can fine-tune any app's permissions *after* install, and even autoblock bundled spyware.

    • 1000% agree.
      Every time I see updates, it's invariably to increase an app's access in my phone.

      I would pay money for an app that can 'firewall' other apps, and prevent them from accessing what I would consider to be irrelevant things.
      "Flashlight" app wants to access GPS? I don't think so.
      "Solitare card game" wants to access my systems' phone number? No.

      I *do* try to always go into airplane mode when I run Kandy Krush Saga, but then I've gotten to a point where I think it's essentially impossible to win wit

  • Has anyone, who uses these apps, noticed diminished battery life?
    • I have! About three weeks ago I noticed that my battery was drained before the end of the day, whereas until that time it would last me two full days. I have been using Swipe since well before then, though, so if this is related then the 'feature' was just recently implemented.

      This is on a Samsung Note 3.

      • I just went through the Swype settings to see where "Regional Dialects" is configured, and I don't see it.

        • I just went through the Swype settings to see where "Regional Dialects" is configured, and I don't see it.

          It's actually called "Living Language". It's under "My Words" in the settings.

    • My buddy rooted his Android phone because of this kind of behaviour. He didn't have Swype, but there were at least seven or eight apps that came installed on his S4 constantly trying to phone home.

      Once he rooted the phone and got rid of all the crapware, his battery life increased by something in the 5 to 10 percent range. And that's a conservative estimate.

      • by tepples ( 727027 )
        You don't need root to "uninstall updates" and then "disable" a preinstalled Android app. All root does, as I understand it, is let you free the space it takes in the system image.
        • by ichthus ( 72442 )
          Pre-installed apps are configured as "system apps". You have to be root to remove them.
          • by tepples ( 727027 )
            I was referring to disabling an app, which does not require removing it.
            • but just disabling is not enough. if you go into play store and click "update all", everything gets updated, including disabled apps. atleast that's what i'm seeing with this wretched chaton.

  • Comment removed (Score:5, Informative)

    by account_deleted ( 4530225 ) on Sunday May 04, 2014 @06:52AM (#46912199)
    Comment removed based on user account deletion
    • There is a reason why my browser setting is in English. That is because I WANT it in English. And just because I visit my parents in Spain or my sister in Germany or friends in the USofA does not mean there is any change in preferece in my language.

      You're basically asking for an "I am Heinrich Schliemann" checkbox in the settings. ;-)

    • by AuMatar ( 183847 )

      It doesn't change your language setting. It adds words. For example, last week I was in Barcelona. A popular tourist destination is the cathedral "Sagrada Familia". Neither of those words are in English. Both were added to my dictionary automatically. It was helpful, as I did type them into my phone to access the website and buy tickets (rather than wait in a 2 hour long line). It's a useful feature, although not something that makes or breaks a keyboard.

      • by tepples ( 727027 )
        Then perhaps this functionality should be moved to another application called "Swype Local" that provides nearby attractions as words to the main Skype app. (Apps from the same publisher can communicate.)
        • by AuMatar ( 183847 )

          ANd why would they want to add the complexity and fragility of multiple apps? And the extra time to do cross-app communication in a time sensitive (you need all your suggestions within milliseconds of tapping a key or you appear lagged) environment. The idea is fucking idiotic.

          If you want to complain that Swype should provide a setting, I agree. If you want to complain that Android should provide per-app permissions out of the gate, I agree. But if you really expect people to jump through hoops writing

  • MultiLing (Score:5, Informative)

    by B2382F29 ( 742174 ) on Sunday May 04, 2014 @07:36AM (#46912293)
    I am using multiling keyboard which allows swype input and doesn't even need network permission nor anything else than the user dictionary. https://play.google.com/store/... [google.com]
    • Re: (Score:2, Informative)

      by Anonymous Coward

      I am using multiling keyboard which allows swype input and doesn't even need network permission nor anything else than the user dictionary.

      https://play.google.com/store/... [google.com]

      I'll second this suggestion. When I found out the keyboard that came with my tablet (FlexT9) was no longer in development because Nuance bought Swype, I went looking for alternatives since I was stuck on a software dead-end otherwise, and MultiLing was the one I ended up liking the most.

      Decent defaults but extremely configurable. In addition to swipe, it has a split keyboard mode for thumb typing, options can differ in portrait and landscape, and it can be resized on-the-fly to use more or less screen spa

    • Thanks for the tip. I just installed Multiling Keyboard, and it looks like it is similarly invasive [imgur.com] in terms of permissions, but since it doesn't need network permissions, I guess it should be okay.
  • Unlike what the summary claims, Swype is not available on Windows Phone. Microsoft will however be rolling out their own, similar keyboard soon as part of 8.1. Hopefully one that doesn't do 4000 location requests per day.
    • Unlike what the summary claims, Swype is not available on Windows Phone.

      Sorry, you are absolutely right. I just got that info from the Wikipedia page [wikipedia.org]. I should have checked the source.

      • It was ported to Windows Mobile, not to Windows Phone

        I have the developer preview of Windows Phone 8.1 on a couple of devices and the 'Swype-style' keyboard does seem to work quite well.

        • by AuMatar ( 183847 )

          Former Swype dev- it was originally released on Windows Mobile. It was ported to a variety of other platforms, including Android (obviously its biggest success), Symbian, and Meego.

  • Why doesn't the OS keep track it it's moving of not (all those wonderful sensors) and then have the app ask the OS for the location? If it's sitting on my desk, it shouldn't need to check it's location every 24 seconds.

  • Windows Phone has a similar solution, but it's Microsoft's own implementation.

  • I tried years ago the trial, saw the permission. When i saw that it was used all the time (LBE Privacy Guard. Use XPrivacy today), i uninstalled it.

    Try SwiftKey, the swipe is better than Swype, anyway.

  • For the last year (roughly), it's autosuggestions have gotten worse- not better. Sometimes it suggests a word I've never even heard of over a much more common word. It even puts the common word in the auto complete/correction list.

    But repeatedly auto complete/correcting it doesn't seem to dissuade it from choosing the weird word.

    • by AuMatar ( 183847 )

      You may want to try resetting user data for the app. If for some reason your frequency data got corrupted, this would be a symptom. Of course, then you lose your library of added words.

  • Aside from the stupidity, it could be costing you.

Single tasking: Just Say No.

Working...