Given everything that
The problem, uncovered by Ryan Welton from mobile security specialists NowSecure, was a blatant one: the SwiftKey keyboard pre-installed on Samsung phones looked for language pack updates over unencrypted lines, in plain text. That meant it was possible for Welton to create a spoof proxy server and send malicious security updates to affected devices, along with some validating data to ensure the bad code remained on the device. This gave him a hook from which to find ways to escalate his attack and exploit the device without the users

The link for this article located at Forbes is no longer available.