Next time you confess your undying love for V from BTS in a text, you might want to look over your shoulder. Your friendly keyboard app could be the biggest gossip puppy in the town!
According to the vigilant dogs at Citizen Lab, University of Toronto, most pinyin keyboard apps are not just typing aides, they're potential informants, ready to spill your secrets to anyone listening in.
Alright, we can hear you all screaming at the top of your lungs, "Hey, what is going on? I don't get it!" We totally get the confusion, Let’s see if we can clear the air
What is Pinyin Keyboard Apps ?
In the Western world, they're broadly known as IMEs—Input Method Editors. These are the keyboard apps you use on your mobile phones to type in languages like English, Chinese, Japanese, or various Indic scripts. Simply put, they help us communicate in languages with just a few taps in our mobile phones and other systems.
What is wrong with them now ?
Good Citizens at Citizen Lab have uncovered, when those keyboard apps tap into cloud services for handy features like predicting text and autocorrect, there’s a little hiccup, Due to some security loopholes, it’s not just your phone catching the wind of your epic typing skills,
some uninvited eavesdroppers might be getting the memo too!
So next time you’re dishing out your hottest takes on this article, just remember: your keyboard might be letting us in on the joke too.
Which Apps Are Affected ?
There is a big list published in this Article but We are gonna let you all know the most popular ones that MAY be affected
QQ Pinyin
Samsung Keyboard
Sogu IME
Baidu IME
iFlytek IME
Sogou IME Custom Version
Does this mean Hackers have my data and passwords ?
We cannot verify if someone has/is eavesdropped/eavesdropping on you, but according to Citizen Lab,
Certain apps do have security weaknesses which can enable malicious actors to do so.
What Are the Recommendations ?
QQ pinyin keyboard users should switch to alternative keyboards immediately.
Users of Sogou, Baidu, or iFlytek keyboards should update their keyboards and operating systems.
Baidu IME keyboard users should switch keyboards or disable "cloud-based" features.
Avoid enabling "cloud-based" prediction features on keyboards or IMEs if concerned about privacy.
Users concerned about privacy should not grant "Full Access" to their keyboards or IMEs.
Where Can I find More Information
[1] vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers
These attack vectors are crazy to uncover and worse monitor and safeguard through revisions of software. Let's surrender to AI - unconditionally.