Signal-android: Use keyboard incognito mode API

Created on 22 Sep 2017  路  3Comments  路  Source: signalapp/Signal-Android

I have:


Bug description

The new keyboard "incognito" mode API should be used so that keyboards such as Gboard do not collect input data from messages typed in Signal.

Steps to reproduce

  • Type a message using Gboard

Actual result: Keyboard does not use "incognito" mode
Expected result: Keyboard should be loaded with personalization disabled.

Device info

Device: Samsung Galaxy
Android version: 6.0.1
Signal version: 4.9.9

Most helpful comment

The incognito flag is only set when you are typing in a ComposeText, in other places within the application, such as the search bar on the main conversation screen, the flag will not be set.

I think the preference should be read and respected at every point within the application where the keyboard is used. As the preference is currently phrased within the app, it is not clear to users that incognito mode is only used in some places which could cause a user to leak information to their keyboard that they were not expecting to. I could see a user sending a message (in incognito), and then later searching for that message (not in incognito) which would result in a leak to the ~keylogger~ keyboard.

Granted, IME authors can always ignore/disrespect this flag, but I think that Signal should at least be consistent in setting it.

I'd be happy to work on generalizing this preference across all the app's EditTexts.

All 3 comments

This disables the autocorrect feature, doesn't it? Should be optional then, if it's even included at all.

i think it most certainly should be included. the Gboard is essentially a key logger and to have that information leaking and going straight to google, whats the point of using a secure e2e messaging if all of everything you type is being leaked elsewhere without the same level of security your message was sent / stored with. But making it optional seems like a good plan. It is basically the same as the anti-screenshot feature, it prevents other apps and such from hooking into potentially dangers API calls from the system, like reading / recording the screen, or keystroke recording / logging

The incognito flag is only set when you are typing in a ComposeText, in other places within the application, such as the search bar on the main conversation screen, the flag will not be set.

I think the preference should be read and respected at every point within the application where the keyboard is used. As the preference is currently phrased within the app, it is not clear to users that incognito mode is only used in some places which could cause a user to leak information to their keyboard that they were not expecting to. I could see a user sending a message (in incognito), and then later searching for that message (not in incognito) which would result in a leak to the ~keylogger~ keyboard.

Granted, IME authors can always ignore/disrespect this flag, but I think that Signal should at least be consistent in setting it.

I'd be happy to work on generalizing this preference across all the app's EditTexts.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

notthematrix picture notthematrix  路  3Comments

jult picture jult  路  3Comments

hiredgunhouse picture hiredgunhouse  路  3Comments

vvug picture vvug  路  3Comments

ghost picture ghost  路  3Comments