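Tap-Tapping Away: A Series of Cloud-Based Input Method Vulnerabilities Allows Network Attackers to Monitor Individual Users' Typed Input (Summary)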
ID: 9309e043-9ca5-52cb-bced-a1248fb680e1
STIX ID: report--9309e043-9ca5-52cb-bced-a1248fb680e1
Feed Name: The Citizen Lab
This translated summary of a Citizen Lab report presents critical vulnerabilities in cloud-based Chinese keyboard/input-method apps (Baidu, Sogou/QQ, iFlyTek, OPPO, Vivo, Samsung, Huawei, Honor, Xiaomi) that allow passive and/or active network eavesdroppers to decrypt users' typed input; eight of nine vendors had weaknesses enabling complete encryption bypass or lacked encryption altogether, potentially affecting up to a billion users. The report lists affected apps and platforms, describes patching/status per vendor (some fully patched, some partially, some unpatched), and gives recommendations to researchers, app stores, IME and OS developers, manufacturers, and users—urging updates, disabling cloud suggestions for high-risk users, and preferring offline IMEs.
