One Billion Users’ Keyboard Apps Expose Keystrokes Due to Flaw

What you should know


  • Research laboratory Citizen Lab identified a vulnerability in keyboard apps designed for typing Chinese characters using the pinyin system, potentially affecting up to a billion users.
  • The vulnerability was found in apps from nine vendors, including major brands like Huawei, Samsung, and Xiaomi, with most apps not employing secure encryption methods.
  • Cloud-based prediction features in these apps could turn them into keyloggers, allowing for the possibility of unauthorized access to what users are typing.
  • Most vendors have fixed the vulnerabilities after being notified, highlighting the importance of using up-to-date software and considering on-device keyboards for enhanced privacy.


Full Story

Oh boy, here’s something you might not have seen coming. Citizen Lab, those tech sleuths, have stumbled upon a doozy of a glitch in the matrix. We’re talking about keyboard apps. Yes, the very ones you use to spill your deepest, darkest secrets, or maybe just to ask about dinner plans. These apps, particularly favored for typing out Chinese characters via the pinyin system, are sitting ducks for prying eyes.

Now, get this. The researchers weren’t just poking around in any old apps. They had their magnifying glasses out for big names like Baidu, Honor, and Huawei, to name a few. Nine vendors in total. And guess where these devices were chilling? Yep, China.

Here’s the kicker. Samsung Keyboard was caught with its digital pants down, not encrypting anything. Zilch. Nada. And the rest? They seemed to think asymmetric cryptography was just a suggestion.

Typing in Chinese isn’t a walk in the park, you know? It’s complex. So, these apps try to make life easier with cloud-based prediction. Sounds handy, right? Except, it’s like sending your thoughts on a postcard through a town gossip.

Out of all these apps Citizen Lab peeked into, all but Huawei’s had their secrets laid bare. Imagine your keyboard turning into a blabbermouth. Not cool.

And here’s where it gets even spicier. These vulnerabilities are like catnip for eavesdroppers. They don’t even have to lift a finger to intercept what you’re typing. Talk about stealth mode.

Now, why should you care? Well, imagine someone reading over your shoulder. Except it’s not just someone. It could be, say, government spies. The researchers are pretty worried this isn’t those spies’ first rodeo with these vulnerabilities.

They’re throwing around big numbers too. Up to a billion users might have been caught in this net. That’s a lot of spilled beans. Thankfully, most vendors have patched things up after getting the heads-up.

Oh, and in case you’re wondering, Apple and Google are sitting pretty. Their keyboards don’t chat with the cloud about your keystrokes.

So, what’s the moral of the story? If you’re not keen on sharing your typing habits with the world, maybe stick to keyboards that don’t gossip. And keep your digital house in order with those updates. Just a friendly tip from your neighborhood tech whisperer.

Derrick Flynn
With over four years of experience in tech journalism, Derrick has honed his skills and knowledge to become a vital part of the PhonesInsights team. His intuitive reviews and insightful commentary on the latest smartphones and wearable technology consistently provide our readers with valuable information.

