Google removes android keyboard Playstore app for secretly collecting users data

[internet police]

BOOK INTERNATIONAL FLIGHTS TICKETS LOCAL FLIGHTS HOTELS BOOKINGS WORLDWIDE AND MORE AT CHEAPEST RATE EVER! CLICK HERE TO BOOK YOUR FLIGHT AND RECEIVE YOUR FLIGHT TICKET INSTANTLY

Google removed one of its Top 20 most popular Android apps from the Play Store after an investigation from Pentest, a UK-based cyber-security firm who discovered that the app violated Google's policies by showing a deceptive behavior.
Pentest's engineers found that the app requested more permissions than its native behavior needed, asked for admin privileges in order to make uninstallation more difficult, hijacked the user's screen to show ads, and collected and transferred user information to a third-party without the user's permission.

App had more than 50 million downloads
The app's name is Flash Keyboard, and before the Pentest report, it was ranked #11 in Google's most popular Android apps, with over 50 million downloads. As its name hints, the app is a replacement for Android's stock keyboard, developed by DotC United.

Pentest found it exaggerated that the app would require access to a phone's Bluetooth connection, geo-location feature, or WiFi status.

Additionally, the app would ask for access to kill background processes, read SMS messages, show system overlays, or remove download notifications. Pentest says there are no reasons for a keyboard app to require these intrusive permissions.

Further, Pentest detected that Flash keyboard was asking for device admin permissions, and was using these powers to take over the phone's lock screen and show ads.

Collecting user data without prior notice
Pentest also analyzed a stream of data that was originating from the app and says Flash Keyboard was collecting information about the user and was sending it remote servers in the US, the Netherlands, and China.

Some of the data the app was collecting and sending to these services included details such as device manufacturer, device model number, Android version, email address, SSID, MAC, IMEI, mobile network, GPS coordinates, information on nearby Bluetooth devices, and the presence of any proxies.