How Chinese keyboard apps could potentially put the online security of hundreds of millions in China at risk
- After a security flaw was found in keyboard app Sogou, we look at the implications for similar apps and how even encrypted platforms like Signal are at risk
For millions of Chinese people, the first software they download on a new laptop or smartphone is always the same: a keyboard app. Yet few of them are aware that it may make everything they type vulnerable to prying eyes.
Since dozens of Chinese characters can share the same latinised phonetic spelling, typing Chinese on an ordinary QWERTY keyboard alone is incredibly inefficient.
A smart, localised keyboard app can save a lot of time and frustration by predicting the characters and words a user wants to type. Today, more than 800 million Chinese people use third-party keyboard apps on their PCs, laptops and mobile phones.
But a recent report by the Citizen Lab, a University of Toronto-affiliated research group focused on technology and security, revealed that Sogou, one of the most popular Chinese keyboard apps, had a massive security loophole.
“This is an app that handles very sensitive information – specifically, every single thing that you type,” says Jeffrey Knockel, a senior research associate at the Citizen Lab and co-author of the report.
“So we wanted to look into that in greater detail and see if this app is properly encrypting this very sensitive data it’s sending over the network – or, as we found, is it improperly doing it in a way that eavesdroppers could decipher?”