According to a report published by security specialist NowSecure, a vulnerability in the Swift keyboard software, pre-installed on Samsung devices, can allow a remote attacker to execute code on the user's phone as well as access functions like the microphone and camera. Worse still there's no way to uninstall Swift and the flaw can be exploited even if you don't use the app. It affects leading Samsung smartphone models from the Galaxy S4 to the S6.

Samsung and the Google security team were notified in December 2014. Samsung began providing a patch to mobile network operators in early 2015, but it's not known if the carriers have rolled out the patch to devices on their networks. It's also difficult to determine how many mobile device users remain vulnerable, given the device models affected and the number of network operators globally. It isn't easy for users to tell if their device has been patched either. NowSecure recommends avoiding connection to insecure Wi-Fi networks, contacting their service provider for patch details or even temporarily switching to a different mobile device. Standalone SwiftKey apps on the Google Play and Apple App Stores are not affected by this flaw.