News Items

News Items

Share this post

News Items
News Items
A Security Loophole.
Copy link
Facebook
Email
Notes
More

A Security Loophole.

With Chinese characteristics.

John Ellis
Apr 25, 2024
∙ Paid
11

Share this post

News Items
News Items
A Security Loophole.
Copy link
Facebook
Email
Notes
More
2
Share

Get 14 day free trial


1. Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing.  The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto. These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps—built by major internet companies like Baidu, Tencent, and iFlytek—basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found. (Sources: technologyreview.com, citizenlab.ca. Italics mine. The Citizen Lab report is worth reading in full.)

Keep reading with a 7-day free trial

Subscribe to News Items to keep reading this post and get 7 days of free access to the full post archives.

Already a paid subscriber? Sign in
© 2025 John Ellis
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More