In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It’s a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.
I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we’ll just see the same BS on Linux instead. It’s not an OS/platform issue, but an issue of bad actors.
Nah. They don’t know Google translate. Or Google, for that matter. They know what they are supposed to know.
Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won’t reach critical mass.
It was a “what about” analogy. It compares a app that steals data without the users consent and the other one is the keyboard app.
Both seem to be wanted by consumers despite the steeling parts.
Yeah but a social media platform has completely different qualities. Therefore the reasons for people how and why they use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.
Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.
Don’t know about this keyboard or Chinese, but a language specific feature might be one of the reason.
I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.
iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.
I assume people love it also because some specific feature that doesn’t exist in the stock keyboard.
My guess is that it might either be more accurate in predictions or some additional convenience factors that makes typing this logographic language much easier and faster lol.
Or people are also simply used to it since it’s everywhere.
Sure. Foreigners aren’t really sanctioned though, that’s more of a risk for the locals. But even then usually only if they want to get someone disappeared and don’t have anything substantial against them.
I live in China and this software is cancerous not just in the encryption failure, it also nestles into a computer like a trojan. Creates 2 fallback installations and will reinstall itself after removal if you reboot in between, unless you get rid of all 3 installations at once, where they are deliberately trying to obfuscate the uninstall button (triple confirmation, swapping the confirm/cancel buttons and button background colors, etc.).
It’s a nasty piece of crap that come preloaded on any phone (android, at least) and Windows-PC here.
It’s time to switch to Linux!
I mean the CCP is aiming to have people use Kylin? If the government and the entire populace starts using Linux instead we’ll just see the same BS on Linux instead. It’s not an OS/platform issue, but an issue of bad actors.
On the plus side maybe then it’ll finally be the year of the Linux desktop.
monkeys paw curls
deleted by creator
Don’t worry, there is also a Linux version.
Oof
Then they’ll install the Linux version. People here are so indoctrinated, they like it.
Do people generally try to circumvent it? Are they too scared to uninstall it? Or do they just not care?
Worse. They think it’s useful.
Why? Useful for safety and security of the society?
Edit: Why downvotes? I’m trying to put myself in their shoes, it’s not how I view it lol
Comes with a built in translator and spell checker, and since access to Google translate is blocked, that’s often the only alternative.
Ah ok makes sense
Lol “I love this tool that they made, because they blocked me from Google translate.”
Nah. They don’t know Google translate. Or Google, for that matter. They know what they are supposed to know.
Of course some people know better, and those are the ones who will eventually get around the block - finding and installing a VPN is not rocket science, not even here. But if you keep 98% of the population contained, the rest won’t reach critical mass.
deleted by creator
I thought we are talking about a keyboard app?
Yeah, wtf is that equivalency?
“Why do people smoke”
“Well some people like to eat at restaurants or watch movies with their friends so”
Haha, exactly my thought
It was a “what about” analogy. It compares a app that steals data without the users consent and the other one is the keyboard app. Both seem to be wanted by consumers despite the steeling parts.
Yeah but a social media platform has completely different qualities. Therefore the reasons for people how and why they use them will be completely different. Also the keyboard app is forced on the phones by the state while the use of social media platforms is optional. Just too many different factors at play here imo.
Some weird downvotes, and I want to know too. Why does a keyboard app mean anything to anyone? The keyboards included on iOS and latest Android versions are great.
Don’t know about this keyboard or Chinese, but a language specific feature might be one of the reason.
I use SwiftKey and I love how it supports multilingual autocorrect and prediction for Indonesian and English without needing to switch between keyboard language.
iOS built in keyboard supports multilingual typing for some languages, but not Indonesian.
I assume people love it also because some specific feature that doesn’t exist in the stock keyboard.
My guess is that it might either be more accurate in predictions or some additional convenience factors that makes typing this logographic language much easier and faster lol.
Or people are also simply used to it since it’s everywhere.
Be careful jumping the firewall.
Sure. Foreigners aren’t really sanctioned though, that’s more of a risk for the locals. But even then usually only if they want to get someone disappeared and don’t have anything substantial against them.