Android device users have been warned to delete a popular, free-to-download emoji keyboard app that makes purchases without the user's knowledge.

Installed more than 40 million times, 'ai.type' purports to be a customisable, intelligent on-screen keyboard developed by Israeli firm ai.type LTD.

However, researchers at mobile technology firm Upstream have revealed that the app has made millions of unauthorised purchases of premium digital content.

The app hides its unwanted activity so that it is not visible on screen, sometimes masking itself as legitimate popular apps like audio platform SoundCloud.

A version of the malicious app was removed from the Google Play store in June 2019.

However, it remains on millions of devices, is still featured on other Android marketplaces — and has been replaced with new versions on the Play Store.


WHAT SHOULD YOU DO IF YOU INSTALLED AI.TYPE?

Experts from Upstream recommend users who have downloaded the malicious app do the following:

Delete the app from your Android device.

Check phone logs and texts for suspicious activity.

Review mobile bills for unexpected charges for premium services.

According to experts from Upstream, the firm's 'Secure-D' mobile security platform has already detected and blocked 14 million suspicious transaction requests.

These came from only 110,000 devices — a small proportion of the total number of users that have downloaded the ai.type keyboard.

Had they been processed, these requests would have cost users up to $18 million (£13.9 million) in unwanted charges, the team report.

The suspicious activity has been recorded taking place across 13 countries, with Brazil and Egypt particularly affected.

In addition, Upstream experts noted a spike in unusual activity in the two months immediately following the app's removal from the Google Play store in June.

The malicious keyboard has also been transferring data on users' genuine website views, clicks and purchases to advertising networks.

Researchers from Upstream began an investigation after Secure-D identified the app's increasingly suspicious behaviour.

'Secure-D experts examined two Android devices with the ai.type app installed,' an Upstream spokesperson wrote on their website.

'[They] found subscription verification texts to premium digital services on both devices, confirming unwanted subscription sign-ups that occurred without any user intervention.'


'Innocent users are paying for these hidden, unauthorised purchases and related data consumption whose source is buried in the app,' said Dimitris Maniatis, head of Secure-D at Upstream.

'Ai.type contains software development kits (SDKs) with hard-coded links to ads and subscribes users to premium services without their consent.'

'These SDKs navigate to the ads via a series of redirections and automatically perform clicks to trigger the subscriptions.'

'This is committed in the background so that normal users will not realise it is taking place.'

'In addition, the SDKs obfuscate the relevant links and download additional code from external sources to complicate detection even from sophisticated analysis techniques.'


Security experts at Upstream advised anyone who has downloaded ai.type to both remove the app from their device and check their phones for unusual behaviour.

This, they added, should include checking their bills for unexpected charges for accessing premium data services, alongside looking for signs of unusually high data usage which could be indicative of malware activity.

'Malware can be responsible for creating millions of dollars of fraudulent mobile advertising revenue,' said Upstream CEO Guy Krief.

'It seriously impacts consumers’ pockets and mobile service experience by eating up their data, incurring unwanted charges, and affecting the performance of their phones.'

'The mobile advertising fraud market is worth some $40 billion annually. In any given market one in ten devices is infected with malware.'

'Dressing up to appear as legitimate and often popular applications, undetected malware damages the industry’s reputation, leaving mobile operators and their customers to pick up the tab.'

The full findings of the report were published on the Upstream website.