Your Keyboard is a Snitch (and how to fix it)
On how to stop companies from collecting everything that you write on your phone
You may have taken steps to enhance your privacy on your smartphone, such as installing secure messaging apps and using private browsing. However, one aspect that often goes overlooked is the keyboard — the gateway through which we input sensitive information like passwords, credit card details, and personal messages.
This article will help you make whatever you type on your phone yours and yours only. I hope you like it! Let’s dive in.
Your Smartphone Keyboard
The privacy of your smartphone keyboard depends on several factors, including the type of keyboard you use. Not all keyboard apps are created equal; some may quietly siphon off your keystrokes to centralized servers, posing significant privacy risks.
System Keyboards
Your smartphone's operating system typically comes with a built-in virtual keyboard. While convenient, these system keyboards may still collect data for various purposes, such as improving predictive text and emoji suggestions, or for company profit, yuck!
Third-Party Keyboards
Third-party keyboard apps, though offering additional features like swipe typing and custom themes, often raise concerns about privacy (cough cough Gboard). You should be sure of the developer’s technical capabilities and data handling practices before you trust a keyboard with your sensitive information.
Understanding the Risks
The risks associated with smartphone keyboards extend beyond data collection. Third-party keyboards may request extensive permissions, including access to sensitive data like location and contacts, raising red flags about potential privacy breaches.
Additionally, some keyboards may contain trackers or employ flawed encryption methods, leaving users vulnerable to data interception and breaches.
There’s also the risk of keyloggers [1], which are sometimes present in third-party keyboards.
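As an added example (not part of the original article), the shell sketch below checks which of the permissions mentioned above (internet, location, contacts) a keyboard requests, by parsing the output of adb shell dumpsys package. The package name com.example.keyboard and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the permissions an Android keyboard (IME) requests.

# Reads `dumpsys package <pkg>` text on stdin and prints one line,
# "<category> <permission>", for each risky *requested* permission.
audit_keyboard_perms() {
    awk '
        { sub(/\r$/, "") }                       # adb may emit CRLF
        /^[ \t]*requested permissions:/ { in_req = 1; next }
        in_req && /:[ \t]*$/ { in_req = 0 }      # next section header ends the list
        in_req {
            perm = $1
            sub(/:.*/, "", perm)                 # drop ": restricted=true" suffix
            if (perm == "android.permission.INTERNET")
                print "network", perm
            else if (perm ~ /^android\.permission\.ACCESS_(FINE|COARSE|BACKGROUND)_LOCATION$/)
                print "location", perm
            else if (perm ~ /^android\.permission\.(READ|WRITE)_CONTACTS$/)
                print "contacts", perm
        }
    '
}

# On a real device: list enabled keyboards and audit each one.
# </dev/null stops adb from swallowing the loop input.
audit_installed_keyboards() {
    adb shell ime list -s | tr -d '\r' | while IFS= read -r ime; do
        pkg=${ime%%/*}                           # "pkg/.Service" -> "pkg"
        echo "== $pkg"
        adb shell dumpsys package "$pkg" </dev/null | audit_keyboard_perms
    done
}

# Constructed sample dump (hypothetical package), so this runs offline.
sample_dumpsys() {
    cat <<'EOF'
  Package [com.example.keyboard] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
      android.permission.READ_CONTACTS
      android.permission.ACCESS_BACKGROUND_LOCATION: restricted=true
    install permissions:
      android.permission.INTERNET: granted=true
EOF
}

sample_dumpsys | audit_keyboard_perms
```

A keyboard with no "network" line does not request the INTERNET permission and so cannot open network connections itself; it can still hand data to other apps on the phone.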
So, What to Do?
To mitigate privacy risks associated with smartphone keyboards, consider opting for open-source, offline, privacy-oriented keyboards and operating systems.
Open-source keyboard apps like OpenBoard prioritize privacy and transparency, offering features comparable to proprietary keyboards without compromising user data.
Operating systems like CalyxOS and GrapheneOS prioritize user privacy by minimizing data collection and eliminating reliance on data-driven corporations like Google and Apple. They also offer toggles to completely shut off internet access to and from the apps you choose. Enabling that toggle for your keyboard is a good idea.
But, I love my keyboard app :(
There is a way for you to keep your keyboard app and have it be private at the same time. This is not recommended, though: it is prone to user and software error, it isn’t guaranteed to be perfectly safe, and it should not be used by people who have a high threat model.
Remember the internet toggle we talked about? There are apps that can do the exact same thing on any operating system! You can stop your keyboard from talking to the internet through this method. Apps like Netguard come to mind.
There are many downsides to using apps like these, though, which is why we don’t recommend you do it. It’s way easier to switch to a privacy-friendly keyboard. But if you insist, here are some of the things you need to keep in mind:
If you don’t have a rooted phone (which is a good thing for security), these apps will use up your phone’s VPN slot as an always-on VPN. These kinds of apps do not connect to any VPN, but instead use your phone’s VPN functionality to set up a barrier, which has rules for filtering incoming and outgoing traffic. This means that you can’t use a VPN alongside these apps. Any attempt to use another VPN will stop the app’s functionality, increasing the risk of data caching [2], so tread lightly.
User error is really high while using complicated solutions like these. You might accidentally disable the VPN toggle, or force stop the app.
Software errors sometimes occur as well: these apps might not be 100% robust, which could cause them to leak data.
Your phone might also leak data in situations where the app has not started running yet. This could happen, for example, directly after a reboot, or right after an update.
Firewall apps can sometimes consume additional battery power, especially if they are actively monitoring and filtering network traffic. This can impact your device's battery life and overall performance.
Some firewall apps may not be fully compatible with all devices or may not work correctly with certain apps or operating system versions. This can lead to unexpected behavior or limitations in functionality.
Depending on how aggressively the firewall app filters network traffic, it could potentially impact the performance of certain apps or services that rely on consistent internet connectivity. This could result in slower loading times or disrupted functionality for those apps.
You’re adding another party to trust with your data. While firewall apps can help enhance privacy by blocking certain apps from accessing the internet, they may also collect data about your device usage and internet activity. Be sure to review the privacy policy of any firewall app you use to understand how your data is being handled.
Like any other app, firewall apps require regular updates and maintenance to remain effective and secure, which also puts pressure on developers to constantly keep updating their app, and on you to keep installing the updates.
A firewall app does not stop your keyboard from interacting with the rest of the operating system. Your keystrokes can be passed down to another process or app on your phone that is not blocked by your firewall app, rendering this solution basically useless.
PS: Privacy-friendly operating systems like GrapheneOS and CalyxOS have this functionality built-in, removing most of these concerns.
— That’s it! You now know what to do to keep what you type on your phone yours and yours only. If you liked this article, don’t forget to subscribe and leave a like! Peace.
[1] Keylogging is a type of surveillance technology that monitors and records every keystroke made on a keyboard. It can be either software-based or hardware-based. Software keyloggers are malicious programs installed on a computer or device without the user's knowledge, while hardware keyloggers are physical devices inserted between the keyboard and the device (or even through a USB stick). A typical malicious keylogger often listens for things like usernames, passwords and social security numbers. This data then gets sent to the hacker’s machine.
[2] Some apps and services don’t wait for constant internet access to call home, but instead store data in your phone’s memory and wait patiently until there’s an internet connection in order to silently send the whole thing. This is known as data caching. It is a risk because a keyboard can record your keystrokes in memory and send them later to its own servers.