A bug in Samsung’s Android keyboard used by more than 600 million devices all over the world potentially exposes them to hackers, who can take full control of the mobile device. The flaw was found in the daily or weekly update mechanism of the built-in keyboard.

It should be noted that the bug was detected back in December 2014. Samsung asked the security researchers to keep this discovery in secret and notified Android security team. Now, half a year later, no fix has been issued, though Samsung claims it started that process in early 2015. The problem is that unlike Apple’s direct model of software updates, the company is beholden to mobile phone providers to push out updates to their users.

The security experts say that Android users can’t disable the flawed keyboard app, and it’s hard for them to tell if the problem was patched. Apparently, the fault lies within Samsung’s code, because similar keyboards on other Android devices from other manufacturers and those for the iPhone are unaffected.

So, how could users suffer from the bug? The Samsung Android device can connect to a malicious Wi-Fi network after the keyboard tries to update, and a hacker could substitute the update for a backdoor into the device, thus gaining almost complete access to the smartphone or tablet. This means that the intruder will be able to remotely access smartphone’s sensors like GPS, camera or microphone, thus eavesdropping on calls or attacking sensitive personal information.

If you try to install another keyboard, this won’t help solve the problem, because the Samsung keyboard continues to run in the background. The range of affected devices is long and includes the latest Samsung Galaxy S models, including the Galaxy S6, S5 and S4.