Your Android keyboard is an integral part of your smartphone experience. It is one of the tools you’ll use the most. Whether you’re browsing, chatting, or creating documents, your keyboard is a key part of everything you do on your smartphone.
For a feature that is used quite frequently, it is normal for Android users to try to customize it to their taste. But Android’s default keyboard isn’t the best in terms of customization options. As a result, Android users opt for third-party keyboards that have the functionalities they need. But is this safe?
Third-Party Keyboards Promise Endless Customization
Older versions of Android come with an in-built keyboard that feels a bit bland. More recent versions come with the much improved Gboard (a Google-made Android keyboard), but even Gboard falls below the aesthetic and functional expectations of many users.
On the Play Store, you’ll find keyboards that can completely transform your typing experience. Some of them can correct your grammar and predict your next words with impressive accuracy. Some give you total control of the look and feel of your keyboard, with room for changing the colors and arrangement of your keys.
Third-party keyboards thrive in customization. It is the main reason they’re popular among Android users.
Unfortunately, the allure of unrestricted customization sometimes comes at a huge cost. At first, a keyboard app doesn’t seem like anything you should be wary of. It’s just a keyboard app, right? It’s not like it’s some social media app that could be snooping on your private conversations, or a gallery app that could be stealing your photos.
Android keyboards may seem harmless, but they pose a very potent danger to your personal information, sometimes even much more than the much-maligned messaging apps.
What Makes Third-Party Android Keyboards a Security Risk?
If a PDF reader app requests access to your microphone or contacts, it would raise eyebrows. It could either get flagged on the Play Store or users may become cautious about downloading it.
However, the story changes when it comes to keyboard apps. A lot of third-party keyboard apps typically have a long list of permission requests. They may request access to anything from your camera, microphone, and contacts to your device storage and network connections.
All these permissions are mostly granted because these apps legitimately need those permissions to work properly.
But you could be risking more than you realize. When you grant the requested permissions to the popular Go Keyboard, for example, the app can read your contacts, take pictures and videos, read the contents of your phone storage, record audio with your microphone, and relay data from your phone over the internet. It’s not hard to figure out what could go wrong with such intimate access to your data.
It’s not just Go Keyboard; the Kika Keyboard, Emoji Keyboard, and almost every popular keyboard app typically have the same level of access on Android devices. Sadly, some app developers sometimes abuse these privileges.
A 2017 report by security research firm AdGuard showed how Go Keyboard was harvesting the personal data of millions of users. The app then sent the harvested data to remote servers and then allegedly shared it with third parties.
As if that wasn’t bad enough, because of the extensive nature of the app’s permissions, it was able to download executable code which was then deployed as adware on target devices. The app was updated shortly after these details were revealed, and the violations were removed.
This is not an isolated incident. In 2019, Upstream, another security research firm, wrote about an Android keyboard called ai.type that was alleged to not just be stealing users’ data but was also making unauthorized digital purchases using the banking information of its users. The app was removed from the Play Store. Wondering how it got the banking information of its users?
The Ultimate Trojan Horse
Everything you type on your Android smartphone goes through your keyboard. This means your Android keyboard has access to those passwords, private emails, documents, and SMS messages you type on your phone. It can even see your credit card information.
Combine the extensive level of permissions Android keyboards get with the fact that you provide it with tons of private information by simply typing, and you have the perfect Trojan Horse. It just sits there looking harmless, but could potentially be the most dangerous app you have on your phone.
So what now? Should we all stop using all third-party Android keyboards?
Trusted Third-Party Android Keyboards
Android’s in-built keyboard is not entirely as basic as most Android users believe. If you know your way around it, you’ll find it to be one of the most powerful Android keyboard apps you can get your hands on.
However, like millions of others out there, if you’ve made up your mind that Google’s Gboard is not your thing, you should be very picky about which options you can trust. Here are some safe options that are generally considered safe:
With more than a billion downloads on the Play Store, Microsoft’s SwiftKey is trusted by a large community of Android users. It comes packed with a wide range of customization options including beautiful themes, flashy GIFs, and emojis, as well as some excellent predictive text features.
Download: SwiftKey (Free)
If you make a lot of typing mistakes or produce a lot of formal write-ups that need to be grammatically correct, then this is the keyboard for you. No, you won’t get the fancy themes and endless supply of GIFs you get from other keyboards—as the name implies, Grammarly is all about your grammar.
Download: Grammarly (Free, subscription available)
It’s hard to find third-party Android keyboards you can vouch for. However, some open-source options could provide some semblance of data security as long as it is managed and scrutinized by the public.
They may not offer the best in terms of customization, but it would help you sleep better knowing independent developers are keeping tabs on how these apps manage your data. Here are some open-source Android keyboards you can try.
Stick With Your Default Android Keyboard
Smartphone manufacturers may pre-install their preferred keyboard apps which are considered to be generally safe. However, on most Android devices, Google’s Gboard is the default keyboard app. If for some reason it isn’t shipped with your device, you should consider installing it.
Of course, even Google will use your data to a certain degree. However, you’ll get some transparency about what data it’s using and for what purposes. You’ll also be sure that your keyboard isn’t being used to steal your credit card information.
How to Change Your Android Keyboard