I have:
The new keyboard "incognito" mode API should be used so that keyboards such as Gboard do not collect input data from messages typed in Signal.
Actual result: Keyboard does not use "incognito" mode
Expected result: Keyboard should be loaded with personalization disabled.
Device: Samsung Galaxy
Android version: 6.0.1
Signal version: 4.9.9
This disables the autocorrect feature, doesn't it? Should be optional then, if it's even included at all.
i think it most certainly should be included. the Gboard is essentially a key logger and to have that information leaking and going straight to google, whats the point of using a secure e2e messaging if all of everything you type is being leaked elsewhere without the same level of security your message was sent / stored with. But making it optional seems like a good plan. It is basically the same as the anti-screenshot feature, it prevents other apps and such from hooking into potentially dangers API calls from the system, like reading / recording the screen, or keystroke recording / logging
The incognito flag is only set when you are typing in a ComposeText
, in other places within the application, such as the search bar on the main conversation screen, the flag will not be set.
I think the preference should be read and respected at every point within the application where the keyboard is used. As the preference is currently phrased within the app, it is not clear to users that incognito mode is only used in some places which could cause a user to leak information to their keyboard that they were not expecting to. I could see a user sending a message (in incognito), and then later searching for that message (not in incognito) which would result in a leak to the ~keylogger~ keyboard.
Granted, IME authors can always ignore/disrespect this flag, but I think that Signal should at least be consistent in setting it.
I'd be happy to work on generalizing this preference across all the app's EditText
s.
Most helpful comment
The incognito flag is only set when you are typing in a
ComposeText
, in other places within the application, such as the search bar on the main conversation screen, the flag will not be set.I think the preference should be read and respected at every point within the application where the keyboard is used. As the preference is currently phrased within the app, it is not clear to users that incognito mode is only used in some places which could cause a user to leak information to their keyboard that they were not expecting to. I could see a user sending a message (in incognito), and then later searching for that message (not in incognito) which would result in a leak to the ~keylogger~ keyboard.
Granted, IME authors can always ignore/disrespect this flag, but I think that Signal should at least be consistent in setting it.
I'd be happy to work on generalizing this preference across all the app's
EditText
s.