Chinese Keyboard App Vulnerabilities Explained

The report examines cloud-based pinyin keyboard apps used in China and finds that many transmit keystrokes insecurely, enabling ISPs, VPN providers, or other local network eavesdroppers to capture passwords, financial data, and other sensitive input; researchers created working exploits against some vendors (notably Honor and Tencent QQ Pinyin), estimate up to one billion users could be affected, notified vendors, and urge users to update or switch to on-device keyboards (e.g., Gboard, Apple keyboard).