In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
What’s the deal with Android “keyboards”? Why is it just an app that you can install? And why can it have more functionality/permissions from the OS beyond just being a local keyboard? As an iOS user this is very bizarre and foreign to me.
I feel like every time the topic of Android keyboards (again, why is this a thing?) comes up it’s some kind of big spyware thing. Seems like most every app on Android and iOS is spyware anyway, of course.
All aspects of android (pretty much) are customisable. It’s not the os that is the problem, but the developers who program on all this telemetry.
The keyboards on android are much more useful than what’s available on iOS. There is a similar issue with launchers. They, by their nature, need more access to other apps and more permissions. In most cases, that means more features, but meta and Microsoft have launchers too…
I use android and iOS. I find both good but the customisable nature of android is what drove me away from iOS.
there are more than 1 keyboard when you go shopping for physical keyboards… is that bizarre and foreign? different keyboards on android have different features and customizability just like real keyboards.
Unlike iOS pretty much every part of the Android OS is replaceable. There is technically no “unified” version of Android, each Android phone manufacturer has their own unique spin on it, and since it’s open source, or at least most of it is, anyone can make their own version. For example: Lineage OS, /e/OS, and Graphene OS.
3rd party keyboards exist for iOS - I used to use them too. Keyboards can access every app that you use a keyboard in, so basically everything from your passwords to credit card can be logged. There’d be a popup warning about it on installation that everyone ignores.
But the native keyboard does adopt parts of other good apps + lack of substantial development in said apps (looking at you, Swiftkey iOS). Once the native keyboard added slide to type + spacebar navigation years back, third party keyboards lost their lustre for me lol.
Technically Apple could log all our keypresses too. It’s just a matter of whether that sort of data is worth it for them to collect, or are they prioritising security with their current focuses on privacy features in newer updates.
I want exactly the iOS keyboard layout except larger letter keys, and a dedicated number line on top on ALL my devices
Unfortunately no easy way about it :(
You can sorta increase keyboard size by going into accessibility settings > display to increase text size as a whole.
As for additional number line on iPhones, not possible without third party keyboard afaik, but there’s a couple tricks (link to reddit comment) to speed up typing numbers. iPad has the number line in their keyboard.
I’m just used to not having these features in exchange for generally much better integration of autofill passwords etc. I have an android tablet to compare with & it’s a pain to have to switch over to a dedicated keyboard to access my passwords & back because swiftkey borks it most of the time (I use keepass as a password manager). The keyboard also auto-detects those pesky SMS OTPs, which is a small convenience but surprisingly satisfying to not have to flip apps/squint at the number in my notifs to slowly input it. Pros & cons I guess.
My iPad Pro has a persistent number line. iPad Air does not. It’s maddening. I tried swiftkey and hated it. iOS also constantly botches my typing and it’s infuriating. That said, Android is not preferable IMO.
You can install 3rd party keyboards on iOS too to be fair. GIF keyboards etc.
Old article but still relevant: https://www.macobserver.com/tips/how-to/ios-11-install-third-party-keyboards-on-iphone/
I don’t know if the iOS walled garden has any further security measures over Android.
For an aac user, it can be super helpful to be able to install a custom communication system as a keyboard as then they can use it with all the other apps. The keyboard apps have the same disclosures as all the others and you should avoid giving it the ability to export data with access to the Internet. Really any app can do this while you’re in it and all those name brand apps you bank with or whatever are made by third parties and could be logging anything to anywhere if no one bothered to check.
That said, I am unhappy with how android play store has never allowed you to filter apps by permission and has made it harder and harder to even see what permissions an app will request or “require”. The permissions system is so good, should be made more fine-grained but instead they seem focused on “data safety statements” that are just cya for the platform as far as I can tell.
You need something that can watch/report your Internet traffic around the clock and selectively “fail” dns lookups you don’t like or something. I think iPhone does have something like this built in?
This is something I dislike about iOS, too. The app store doesn’t distinguish in its privacy summaries.
As someone that hasn’t drunk that Apple flavoured Kool-aid, I can’t understand why people think the inability to use a device you own in the way you want to is considered a feature.
It is something of a controversy to just be unaware that something can be done.
I would hate it if I was just given a keyboard and told that this is all you can use, take it or leave it. I need the options.
Doesn’t the iOS keyboard have all kinds of apps tied to it and do more than just a keyboard? Also can’t iOS users install 3rd party keyboards like Gboard on iOS just like Android? I’m not sure what the deal is, but having more than one option is good for everyone.
The iOS keyboard definitely has integrations that I never use, but I am just learning that you can, in fact, download wholesale keyboard apps on iOS as well. Skimming them through, they have a ridiculous number of installs (judging by the number of reviews) and atrocious privacy policies. The last part is concerning! 😅
As an iOS user, I’ll just say “slide to type” is better than “hammer thumbs”. Until the iOS keyboard gets that on all platforms, 3rd party is my go-to.
Slide-to-type is available on the default iOS keyboard, at least in English. In Settings search for Keyboard and it’s one of the options.
On all platforms?
Slide to type has been available since ios 13 for years now. What other platforms are you referring to besides iphones & ipads which both use ios?
I see. I don’t use iOS devices often but I’ve never used an iPad with slide to type. After a quick search it’s because I’m not using the floating keyboard I guess?
It appears to be so - I personally don’t have an iPad to check. Strange decision to omit it in that particular mode given it’s a parallel to iPhone keyboards, so I’d have to assume it was a deliberate omission. User experience (too many grandparents triggering it by accident)? Who knows.
Now we know we have to pinch it to make it float and then slide that way. TIL!
But if you’re using a newer iPhone, definitely able to slide as long as the owner hasn’t turned it off.
…yes?
There are some legitimate reasons to have a separate keyboard. I use Keepass2Android’s keyboard to enter passwords from Keepass. This way, there’s direct access to the password database instead of copying passwords/usernames/other fields to the system clipboard.
I think the origin of this was back at the inception of Android, when the default keyboard didn’t have slide technology, so at that time I think it made reasonable sense that you could bring your own keyboard app. Now that Gboard is full featured it probably wouldn’t hurt to lock it down, but it also depends on if every vendor doesn’t provide their own keyboard app that is horrible to use and sets that as the only keyboard option.