“Please do not make it public” (Tencent’s Sogou Input Method)
“Please do not make it public” (Tencent’s Sogou Input Method)
citizenlab.ca “Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping - The Citizen Lab
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could...
1
comments
I'm not sure securely sending your keystrokes to TenCent is much safer than having them eavesdropped by a 3rd party. If you care about your privacy it's probably better to not use that keyboard at all.