Variety is the spice of life. Even on your mobile – why should you bother typing all the time while messaging with someone, when you can use GIFs or stickers to express your reactions with the level of precision no words can deliver?
Feb 22, 2021 · 5 min read
We are talking about third-party keyboard apps that spice up texting on your smartphone. These keyboards are developed for being fast, intuitive, or entertaining – in other words, for being simply better than your boring in-built one. You can find a keyboard for nearly everything – GIFs, emojis, AI-based text predictions, personalized suggestions, texting via drawing, swiping instead of tapping, any colors your heart desires, etc.
Having this in mind, it’s not surprising that the list of the most-downloaded apps for iOS in 2017 was topped by Bitmoji – an app that lets users create personalized avatars and add an emoji keyboard. In thelist compiled by Apple, Bitmoji surpasses such mainstreamers as Facebook, Youtube, Spotify, Uber and even Google Maps, as measured by the App Store downloads during last year.
All seems fun, all seems fine, but there might also be a dark side in enriching your texts with the hilarious Bitmoji stickers. What exactly happens when an app that may sense every keystroke resides on your phone? Does it threaten your privacy and security or are we just getting too paranoid over here? Let’s take a closer look.
Third-party keyboard apps (including Bitmoji) ask to “allow full access” to operate. This permission request is what bugs many users, as it sounds like the app wants a little too much.
Apple’s default warning message doesn’t make it easier. It says that granting full access to a keyboard allows the developer to access, record and transmit everything you type, including your sensitive information – passwords, banking details, addresses and phone numbers. When reading this, it feels like you may end up in a privacy-loss nightmare by innocently tapping ‘Allow.’
You want that keyboard, though. And this makes you feel ambiguous.
Speaking of Bitmoji, it has a dedicated page where it explains the need for “full access” to its users as following: “We ask for Full Access permission so that we can download your custom Bitmoji images from our servers.”
Anticipating the potential worries their users might have, Bitmoji also adds an assurance that “Bitmoji Keyboard can't read or access anything you type using your iPhone keyboard or any other third party keyboard.”
Technically, a possibility for the app to get the keystroke data remains. It not necessarily means that Bitmoji records all the stuff you type – since it’s not a typical keyboard, chances are, it only tracks the Bitmoji stickers you use instead of every keystroke you make on your phone.
So while you have Bitmoji’s word for not grabbing your messaging data, it is all about trust. There are no solid reasons to be worried, so probably you shouldn’t. Probably. But keep in mind that Bitmoji does collect other data than the stuff you type.
If your concerns about data privacy and online security go beyond this specific app, however, it's worth getting a VPN. Whatever site or application you're using, your data is a valuable resource. There are plenty of companies and criminals eager to access it, but a a VPN can shield your private information with layers of encryption.
If your privacy is important to you, protect it with NordVPN.
While the “Full Access” request in iOS looks rather obscure, the required permissions come in more detail when downloading Bitmoji from Google Play store. What we see here is somewhat eyebrow-raising.
Microphone and camera access, identity, device ID and call information – it’s a bit suspicious that a virtual keyboard based on stickers needs all this. Most likely, it is somehow related to getting more information for advertising purposes.
At best, your data is used to improve the Bitmoji service – to offer you stickers of the type you like, make them more convenient to use, etc.
If you’re using Snapchat along with Bitmoji, the collected information can be used to serve you targeted ads, because that’s the way Snapchat is making money.
At worst, your private data may end up being inadvertently exposed. Even though third-party keyboard developers should keep their users’ data protected, history shows that leaks happen and some of them can be pretty big.
For example, a recent case ofAi.type data leak. Personal information of more than 31 million users was discovered to be left unsecured on company’s servers: treasure-worth data could be easily accessed by anyone with no authentication required. The two most terrifying things about this leak were its’ extent and the fact that the data was extremely sensitive. More than 577 gigabytes of data included biographical data, precise location, device details and even email addresses and phone numbers from users’ contact books. And here’s the cherry on top: the database also stored email addresses with corresponding passwords, even though Ai.type was never supposed to “learn from password fields.”
If you want to enhance your privacy and security while using Bitmoji or any other virtual keyboard, use a VPN service. It masks your IP address, preventing anybody from identifying you online. With a VPN, your traffic is redirected through an encrypted tunnel so neither hackers, nor ISPs, nor snoopers can see your browsing data.
NordVPN is an easy-to-use app that allows you to be in charge of your own privacy. It has a strict no-logs policy — whatever you do online is your business only. We recommend keeping a VPN turned on all the time, as it will mitigate online risks.
So if funny and goofy stickers are what you want to make your texting more entertaining, go for it and give Bitmoji a chance, but always remember the risks that may come with a virtual keyboard app residing on your phone.
Enjoy your personal emojis and stay secure with a top-notch VPN.