In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted, constituting a tremendous risk to user security.
Well, it can’t just be about that. There are ways to salt the data so that it’s not predictable. I’m not an expert in that area, but I know it’s a technique that’s often employed by cryptography experts when this is a major concern.