Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • Paige (she/her)@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    118
    arrow-down
    8
    ·
    1 year ago

    It probably doesn’t though. Obviously it’s closed source making it harder to tell what’s actually happening, but there’s nothing stopping security analysts from looking at network usage and such. I would imagine that Google doesn’t install a keylogger on every Android phone, not out of the goodness of their hearts, but because they don’t want the bad publicity and lawsuits when it would inevitably be discovered.

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      44
      arrow-down
      2
      ·
      edit-2
      1 year ago

      they do collect usage stats by default though.
      which include typed sentences passed through their ai model and words usage counts.
      it can all be turned off and gboard seems to respect these options. it doesn’t access online services unless requested with these options off.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        1 year ago

        If you mean by “collect usage stats” train their AI model on-device and send the training result to Google, then yes. If you mean that the actual words get sent to Google’s servers, then no. There was a study shared recently that looked into this. Only metadata about what’s typed is sent. That’s not nothing of course, but it’s not what Tencent does at all.

        E: Found it.