I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It's a nasty piece of crap that comes preloaded on any phone (Android, at least) and Windows PC here.
Alright China shills, you can stop changing the subject to how Google and the US are the "same".
The troops advanced into central parts of Beijing on the city's major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]
Didn't swiftpad or whatever it's called send every key pressed to Microsoft?
Not a China shill. China is horrible. Microsoft less so as they don't commit genocide in slow motion. But still, I think this sort of thing is more common than we think.
It's stories like this that don't surprise me as much as make me ask: How the fuck do you store and process this much data to get anything useful out of it?
I don't get it? Why are they talking in the article about not using the right type of encryption. The problem isn't the encryption, but the fact that it is sending your keystrokes to the mothership, right?
These findings underscore the importance for software developers in China to use well-supported encryption implementations such as TLS instead of attempting to custom design their own.
What's the deal with Android "keyboards"? Why is it just an app that you can install? And why can it have more functionality/permissions from the OS beyond just being a local keyboard? As an iOS user this is very bizarre and foreign to me.
I feel like every time the topic of Android keyboards (again, why is this a thing?) comes up it's some kind of big spyware thing. Seems like most every app on Android and iOS is spyware anyway, of course.
Can you point to where it says that in the report? It actually says:
an IME will commonly reach out over the network to a cloud-based service for suggestions if suitable suggestions are not available in the input method’s local database.
I use AnySoftKeyboard instead of the default Android keyboard or the Samsung keyboard just to preemptively avoid these kinds of “issues” creeping up in the future.
Should I still be worried?
Is there a way to sandbox or scope the software keyboards to never see the network (wired Ethernet, Wi-Fi, LTE, 5G or otherwise) on stock Android 13?
Other than:
Settings > Connections > Data Usage > Allowed networks for apps > {app} > Wi-Fi only (and not use Wi-Fi) or Mobile data only (and not use Mobile data)
and
Mobile data usage > {app} > Allow background data usage > Disabled
Moreover, there is no "Network Permissions" setting option from what I can see even within Permission manager > Additional permissions.
So use Fcitx 5 Android instead. It's an open-source IME application without requesting any permission except Notification, especially without network permission.
If it's an app, including fucking TikTok you bunch of morons, that was developed by a Chinese company, all of the data on your device is going back to the CCP. It's just that fucking simple people.
The most popular Western OS (and probably the other commercial OSs too) sends every key typed back to base. Plus every website visited. Plus every document amended.