Citizen Lab, a reputable research laboratory, recently uncovered a significant vulnerability in widely used keyboard apps, impacting a large number of users. The flaw was specifically found in keyboard apps designed for inputting Chinese characters using the pinyin writing system. Upon analyzing apps from nine popular vendors such as Baidu, Honor, Huawei, and Xiaomi, it was revealed that these vulnerabilities were present in devices sold in China.

Key Points:

– Samsung Keyboard did not utilize any encryption methods.
– Most other keyboard apps lacked asymmetric cryptography.
– Cloud-based prediction features in these apps meant that user data was being sent to external servers.
– The vulnerabilities essentially turned cloud-based keyboards into keyloggers.
– Passive network eavesdroppers could exploit these vulnerabilities without leaving any trace.
– Concerns were raised about potential surveillance activities by various entities.

The researchers estimated that up to a billion users might have been affected by this and similar vulnerabilities. While most vendors have since addressed these issues, it is crucial for users to prioritize on-device keyboards and maintain updated apps and operating systems to safeguard their privacy.

It is reassuring to note that neither Apple’s nor Google’s keyboard apps transmit keystrokes to external servers, offering an added layer of security for users. To protect your data from prying eyes, it is advisable to stick with on-device keyboards and remain vigilant about software updates.