A recent report from cybersecurity researchers at Citizen Lab reveals a significant security flaw in several popular keyboard apps for smartphones, The flaw puts communications of nearly a billion users at risk of unauthorized access.

The report reveals that keyboard apps from big names like Tencent (QQ Pinyin), Baidu (IME), iFlytek (IME), Samsung (Android Keyboard), Xiaomi (using keyboards from Baidu, iFlytek, and Sogou), OPPO, Vivo, and Honor were all found to be vulnerable.

Android Keyboard flaw

The flaw is that these keyboards were transmitting user keystrokes unencrypted, transmitting what users type as plain text. So anyone capable of intercepting the data could potentially read everything a user types “in transit.” 

These include everything from normal texts to sensitive information like passwords and credit card details. Thus, the size and scope of the data compromised could be huge. 

The research team found that Huawei was the only manufacturer whose keyboard app did not show this vulnerability. The report says the team couldn’t analyze Apple and Google’s keyboards because these apps lack cloud-based communication features.

Interestingly, the report points out that none of the examined devices came pre-installed with Google’s keyboard app, Gboard.

On a positive note, most manufacturers have reportedly addressed the issue as of April 1st, as the firm has already notified them. However, Honor and Tencent’s QQ Pinyin keyboards are still in the process of being updated to fix the problem.

If you haven’t updated your device in a while, we advise you to do so as soon as possible. Additionally, we recommend using a keyboard from a reputable maker, such as Google Keyboard, to ensure better security.

Related:

RELATED ARTICLESMORE FROM AUTHOR