Your Android keyboard is an integral part of your smartphone experience. It is one of the tools that you will use the most. Whether you’re surfing, chatting, or creating documents, your keyboard is an important part of everything you do on your smartphone.
With a feature that is used quite frequently, it is normal that Android users try to adapt it to their tastes. But Android’s default keyboard isn’t the best in terms of customization options. As a result, Android users are opting for third-party keyboards that have the features they need. But is that safe?
Third-party keyboards promise endless customization possibilities
Older versions of Android have a built-in keyboard that feels a little boring. Newer versions come with the much-improved Gboard (an Android keyboard made by Google), but even Gboard falls short of the aesthetic and functional expectations of many users.
In the Play Store you will find keyboards that can completely change your typing experience. Some of them can correct your grammar and predict your next words with impressive accuracy. Some give you complete control over your keyboard’s appearance, with room to change the colors and layout of your keys.
Third-party keyboards thrive on customization. This is the main reason why they are popular among Android users.
Unfortunately, the allure of unrestricted customization sometimes comes with a huge cost. At first glance, a keyboard app might not seem like anything to be wary of. It’s just a keyboard app, right? It’s not like it’s a social media app spying on your private conversations or a gallery app stealing your photos.
Android keyboards may seem harmless, but they pose a very strong threat to your personal information, sometimes even more so than the much-maligned messaging apps.
What Makes Third-Party Android Keyboards a Security Risk?
When a PDF reader app requests access to your microphone or contacts, it would raise eyebrows. It could either be featured in the Play Store or users could become wary when downloading it.
However, the story changes when it comes to keyboard apps. Many third party keyboard apps usually have a long list of permission requests. You can request access to everything from your camera, microphone and contacts to your device storage and network connections.
All these permissions are mostly granted because these apps legitimately need these permissions to work properly.
But you could be risking more than you realize. For example, if you grant the requested permissions to the popular Go Keyboard, the app can read your contacts, take pictures and videos, read the contents of your phone storage, record audio with your microphone, and share data from your phone over the internet. It’s not hard to figure out what could go wrong with such intimate access to your data.
It’s not just Go Keyboard; Kika keyboard, emoji keyboard and almost every popular keyboard app usually have the same level of access on Android devices. Unfortunately, some app developers sometimes abuse these privileges.
A 2017 report by security research firm AdGuard showed how Go Keyboard collected millions of users’ personal information. The app then sent the collected data to remote servers and then allegedly shared it with third parties.
As if that wasn’t bad enough, due to the extensive permissions, the app was able to download executable code, which was then deployed as adware on targeted devices. Shortly after these details emerged, the app was updated and the violations removed.
This is not an isolated case. In 2019, Upstream, another security research firm, wrote about an Android keyboard called ai.type that allegedly not only steals user data but also makes unauthorized digital purchases using its users’ banking information. The app has been removed from the Play Store. Wondering how it got its users’ banking information?
The Ultimate Trojan Horse
Everything you type on your Android smartphone goes through your keyboard. That means your Android keyboard has access to the passwords, private emails, documents, and SMS messages you type on your phone. It can even see your credit card information.
Combine the extensive permissions that Android keyboards get with the fact that you’re feeding them tons of private information with just a simple tap, and you’ve got the perfect Trojan horse. It just sits there and looks harmless, but could possibly be the most dangerous app you have on your phone.
So what now? Should we all stop using all third-party Android keyboards?
Trusted third-party Android keyboards
Android’s built-in keyboard isn’t quite as simple as most Android users think. Once you get the hang of it, you’ll find that it’s one of the most powerful Android keyboard apps you can get your hands on.
However, if you’ve decided, like millions of others out there, that Google’s Gboard isn’t your thing, you should be very selective about which options you can trust. Here are some safe options that are generally considered safe:
With more than a billion downloads on the Play Store, Microsoft’s SwiftKey is trusted by a large community of Android users. It’s packed with a ton of customization options, including beautiful themes, flashy GIFs and emojis, and some excellent text recognition features.
Downloads: SwiftKey (free)
If you make a lot of typos or write a lot of formal texts that need to be grammatically correct, then this is the keyboard for you. No, you don’t get the fancy themes and endless supply of GIFs that you get from other keyboards – as the name suggests, Grammarly is all about your grammar.
Downloads: Grammar (Free, subscription available)
Open Source Keyboards
It’s difficult to find third-party Android keyboards that you can vouch for. However, some open source options might provide some semblance of data security as long as they are managed and audited by the public.
They might not offer the best customization, but it would help you sleep better knowing that independent developers are keeping tabs on how these apps manage your data. Here are some open source Android keyboards you can try.
Stick with your standard Android keyboard
Smartphone manufacturers can preinstall their favorite keyboard apps that are considered generally safe. However, on most Android devices, Google’s Gboard is the default keyboard app. If for some reason it doesn’t come with your device, you should install it.
Of course, Google will also use your data to a certain extent. However, you do get some transparency about what data is being used and for what purposes. You can also rest assured that your keyboard will not be used to steal your credit card information.