The most popular Chinese keyboard app which is used by more than 450 million monthly users sends every key typed to Tencent in China.

⁨1885⁩ ⁨likes⁩

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨Tazmanian@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/

Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

source

Comments

Sort:hotnew top

Moops@lemmy.world ⁨1⁩ ⁨year⁩ ago
It’s to help improve the user experience right? …right?

source
problembasedperson@lemmy.world ⁨1⁩ ⁨year⁩ ago
FOSS keyboards for Android:

[github.com/Julow/Unexpected-Keyboard](Unexpected Keyboard)

https://anysoftkeyboard.github.io/
source
- godless@lemmy.world ⁨1⁩ ⁨year⁩ ago
  Neither of which supports Chinese, so that’s useless for any actual users of Sogou.
  
  source
  - randint@lemm.ee ⁨1⁩ ⁨year⁩ ago
    Personally, I use github.com/osfans/trime to type Chinese.
    
    source
    -> View More Comments
  - tal@kbin.social ⁨1⁩ ⁨year⁩ ago
    To repeat a comment I made a bit back, I'm a little disappointed even by the state of English-language Android FOSS onscreen keyboards.
    
    source
- Duke_Nukem_1990@feddit.de ⁨1⁩ ⁨year⁩ ago
  Thanks for the unexpexted Keyboard link, didn’t knowabout it.
  
  source
egeres@lemmy.world ⁨1⁩ ⁨year⁩ ago
This is beyond creepy

source
t0lo@lemmy.world ⁨1⁩ ⁨year⁩ ago
surveillance fetish going strong

source
- PutangInaMo@lemmy.world ⁨1⁩ ⁨year⁩ ago
  The article states the software users external endpoints, whether encrypted or not. The CCP already has the ability to obtain all of this information from those endpoints. The article identified poor software design choices that may expose user keyboard data to anybody on the network…
  
  source
chrisphero@lemmy.world ⁨1⁩ ⁨year⁩ ago
surprised pikachu face - who would’ve thought?

source
qwertyWarlord@lemmy.world ⁨1⁩ ⁨year⁩ ago
Imagine willingly installing a keylogger, lol

source
sndrtj@feddit.nl ⁨1⁩ ⁨year⁩ ago
So when the Chinese do it it’s scary, but when the Americans do it it’s just “established practice”?

source
- Liz@midwest.social ⁨1⁩ ⁨year⁩ ago
  Neither of the groups should be allowed to do it.
  
  source
- BrockSampson@lemmy.world ⁨1⁩ ⁨year⁩ ago
  en.m.wikipedia.org/wiki/Whataboutism
  
  source
  - GrapefruitDoggo@lemmy.blahaj.zone ⁨1⁩ ⁨year⁩ ago
    Whataboutism doesn’t really apply when pointing out a double standard. It’s true that both places shouldn’t do the bad thing, but it’s more about the individual’s reaction to that thing depending on who does it. The average US citizen will criticise the CCP for doing plenty of the same things their government currently does, or has done in the past, that they support.
    
    Furthermore, it’s important to note that when this kind of thing happens, people treat it as China’s government’s fault, but when Tesla cars explode, people don’t consider that the US government’s fault.
    
    source
Coelacanthus@lemmy.kde.social ⁨5⁩ ⁨months⁩ ago
So use Fcitx 5 Android instead. It’s a open source IME application without requesting any permission except Notification, especially without network permission.

github.com/fcitx5-android/fcitx5-android

Permissions Network Permissions

source
demonsword@lemmy.world ⁨1⁩ ⁨year⁩ ago
Looks like very few people have actually read the article, and that the cancerous anti-China sentiment migrated from reddit to lemmy too.

source
sproketboy@lemmy.world ⁨1⁩ ⁨year⁩ ago
What do you expect from leftists?

source
- Ghostalmedia@lemmy.world ⁨1⁩ ⁨year⁩ ago
  Being left or right doesn’t make you authoritarian. Being authoritarian makes you authoritarian.
  
  source
inclementimmigrant@lemmy.world ⁨1⁩ ⁨year⁩ ago
If it’s a app, including fucking tik tok you bunch of morons, that was developed by a Chinese company all of the data on your device is going back to the CCP. It’s just that fucking simple people.

source
- LittleLordLimerick@lemm.ee ⁨1⁩ ⁨year⁩ ago
  That’s a bit over the top. The app only has access to the data you give it permission to access. So TikTok may have access to your contacts (don’t give TikTok access to your contacts, guys), but it won’t have access to your text messages or activity data.
  
  source
Xavier@lemmy.ca ⁨1⁩ ⁨year⁩ ago
Hmm…

I use AnySoftKeyboard instead of the default android keyboard or the Samsung keyboard just to preemptively avoid these kind of “issues” creeping up in the future.

Should I still be worried?

Is there a way to sandbox or scope the software keyboards to never see the network (wired ethernet, Wi-Fi, LTE, 5G or otherwise) on stock Android 13 ?

Other than:

Settings > Connections > Data Usage >

Allowed networks for apps > {app} > Wi-Fi only (and not use Wi-Fi) or Mobile data only (and not use Mobile data)

and

Mobile data usage > {app} > Allow background data usage > Disabled

Moreover, there is no “Network Permissions” setting option from what I can see even within Permission manager > Additional permissions.

source
- superkret@feddit.de ⁨1⁩ ⁨year⁩ ago
  Install Netguard, then you can block every app you want (including system apps) from connecting to the internet.
  No root or complicated setup required.
  
  source
  - Aikawa@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago
    Alternatively, there’s TrackerControl that does the same thing, but also let you block specific trackers in an app while letting it connect to the net (it’s a paid option for Netguard, if I’m not mistaken).
    
    source
ArchmageAzor@lemmy.world ⁨1⁩ ⁨year⁩ ago
Wow, who would’ve thought?

source