Ask HN: Why is okay for third-party keyboards to know our passwords?

2 points by ralusek ↗ HN
Virtually every keyboard available on Android that I am aware of has internet access, and openly sends ALL text inputed by users to their servers for "pattern analytics." "Better autocorrect" is probably one of the features I care the least about in this world, and certainly one I'd be more than happy to do without at the expense of privacy. What's crazy to me is that not only do these keyboard applications know our passwords to absolutely every application, but all of our inputs and communication, period.

I even have a few privacy-conscious friends who will attempt to use encrypted communications like Signal, without realizing that their input is captured and sent to the keyboard application's servers before their end-to-end encryption even gets its mitts on it.

Why do we trust these companies? Are Swiftkey, Swype, Samsung, Google, etc responsible stewards of the open access to your bank accounts, social media, and otherwise encrypted communications?

3 comments

[ 374 ms ] story [ 975 ms ] thread
The standard keyboard doesn't send your input to Google. I'm not sure about others, but it would be a really slow and inefficient use of their services (and a terrible delay in the UX).

Sure, they can capture and send that data, but you can verify yourself whether that happens or not with network capture.

I don't feel Swiftkey sends passwords (no opinion about others) because I'm offline more often than online and Swiftkey works just fine. While it is possible they are collecting locally and uploading periodically, I don't feel it's probable. Their privacy policy says they don't transfer any data or passwords unless an account is opened with them.

[1]: https://support.swiftkey.com/hc/en-us/articles/201454592-Swi...

I use Fleksy, which does not access anything the user types, it's the most PRIVATE and SECURE mobile keyboard out there. www.fleksy.com