Bitcoin Forum

Please take a look at the picture below and tell me how using third party android keyboard a safe practice.

https://i.imgur.com/yi2tmit.jpg

Those warning scares the shit out of me, what if this keyboard is storing my recovery seed and words that I type through it? I quickly uninstall and revert back to the keyboard that comes with my phone and I think everyone should do the same.

That's why it's always recommended to use a hardware wallet and only write down your recovery seed, and only use a mobile wallet for smaller amounts of money. Even if you're using the stock keyboard, you can't really verify if it's storing your keystrokes or not; unless you're using an open-source custom ROM.

Grammarly has a lot of verbose on procedures protecting your data, and explaining that it does not access the content of sensitive fields such as passwords, bank accounts and so forth:

https://www.grammarly.com/trust
https://www.grammarly.com/security-practices

... but …

a)   First and foremost, any added keyboard will pose as a risk factor, and there is no need to incur such a risk.

b)   I’ve come to know quite a few corporations that have that information for show, and what really goes on may differ substantially from the in-place theoretical procedures.

c)   Data is allegedly secure until it isn’t. All data breaches will be preceded by corporations stating that they have this and that procedure in place to protect your data, but breaches occur, often with data you were not even expecting they’d amass.

d)   Even if we play along with some of the procedural claims, people tend to enter sensitive information on freestyle repositories (word, excel, txt, etc.), where the alleged protection against sensitive marked fields does not apply (nor are all such fields marked as such anyhow).

e)   These types of tools tend to need data from the customers to improve (i.e. dissect wordings that they are not acting upon correctly and so forth). This will call for data to be analysed, and even if anonymized, there is a risk that sensitive information ends-up in someone’s analytical environment to dissect.

f)   Although they claim not to be a key logger, the principals is necessary for the product to work.

You should never type your seed anywhere. Just for recovery purposes.

Your seed should be written in a piece of paper. If you need to recover your seed later on, recover the funds and immediately transfer them to a new wallet, which you never exposed your seed (i.e., never typed anywhere).

Well, before using the platform we should always the privacy policy to ensure that we are safe. ^{[ https://www.grammarly.com/privacy-policy#does-grammarly-share-my-information ]}. So if have you have a doubt about Grammarly, don't install it and find another tool that you can trust.
However, regarding your concern --use a hardware wallet if you want safe crypto transactions without leaving any footprint. It will not leave any information on the device that you have used, that is the advantage of the hardware than the free wallet, app or web wallet.

I don't even want to see your picture. Only when you say the word "third-party keyboard" should you have an alarm in your head.
You have already answered your question. Any third-party software brings benefits to the developer. This is spying on you, keyloggers that send information about you to the right servers, advertising designed to receive money, and all other nasty things.
Behind external decorations, far from good motives can be hidden.

Not necessarily only for typing the seed. How about if the user copied a particular address to send a fund and it is replaced. I am always skeptical whenever any application asks for permissions. I can only grant thus if there are no other feasible means of accomplishing what I  intended doing.
Here comes a maybe silly question.
Why would one want a new keyboard different from what the manufacturers of the device gave him. Could it be for aesthetics?

There is nothing like being tooo curious when ut comes to watching out for your own safety. The world is so cold that, everyone wants what you've got and as such, you've got to take steps to ensure safety.
Of what use is downloading or using some stupid fancy keyboard. With the world going digital and a man's fortune stored completely online in a digital space, you don't joke around when it comes to security. You've got a fancy keyboard and so what?
It's better dull and unattractive than having a some fancy keyboard, phish for your password, seed phrase or private key and live you with some costly story. The forum is full of those already!

A very funny fact that was revealed many months ago and shouldn't be very strange ;D
The point  is: this keyboard are designed by people and have been programmed  to save very authentic confidential information  of users without  your prior notice. The fancy keyboard is still very accessible  to the creator since  it's upgraded  from time to time and your saved informations can be derived easily. Someone  made a similar post warning people  out here to avoid fancy keypads for typing, he went as far as excruciatingly narrating his experiences and that's  just the truth. You're only curious by the way,  quit from it.

I have a Grammarly keyboard on my phone but I switch to the default keyboard when typing sensitive information like password and switch it back to Grammarly when I needed.
It's not a problem of having Grammarly just make sure that you always use the default keyboard every time you are typing a password or any sensitive data.

Or you can use Grammarly directly on their website if needed just make sure that you turn your browser to desktop mode to be able to access their website app.

Smartphone is everyone's spy so you can't really trust any software unless its ooen source and you understand what is happening behind the technology. I am using stock keyboard because I feels its more secure than Google's or any other keyboard. Its not preferable to store the password or private key and this is why Electrum like software can be safer since we no need to type the complete words we can simply select from the shown option and go to next word.

If you are afraid on things you didn't like to see on your devices then better don't store any balances on the device you used since mostly this one is vulnerable to any possible hacking especially when we download a malware. To avoid any of bad issues that might happen follow what other suggested like having a hardware wallet since this is more safer and cheaper way to safe keep your money.

You did the right thing and it's for the best, you have every right to be curious about something you have no 100% assurance on, some keyboards can safe your typing data and send them out to the keyboard makers pls stick with keyboard that comes with your smartphone.

Well you know, as if the default installed keyboard (Google keyboard/aosp) doesn't do these things

I quoted you for visibility so many can easily see that image. Again, your action immediately you saw that was spot on. Don't install untrusted apps. But of course, if you've warning in that direction it makes it obvious what the third party could be capable of. Most of these apps don't even put out those warnings but they clandestinely do what we fear most – steal our data. This is why we should not download whatever app we find just so we can make our phones or device look chic or trendy.

Not all third party keyboards are bad just stay away from those ones that ask for extra permissions before you can use them, those permissions are giving them full access over your phone memory and also data too.

I have used such keyboards before and it scared the sh*t out of me after I noticed it had stored my online banking passwords without my consent and after realizing this i immediately deleted the app to avoid any phishing or future damage from its use.

This is technical era and you can't imagine the risks we are prone to without our knowledge and installing third party softwares like this also falls under the same category.The seed phrases can be compromised through a number of ways which is why it is said not to have their screenshot in mobile or save them on your device but it should be stored somewhere safe offline to protect it from danger and hacks.

You must use the default keyboard for any information especially these types of and must avoid them if possible.The keylogger scams are not of nee type and without you knowing the hackers could easily learn about what you are typing on your keyboard through these third party apps so avoid using them.There have been some instances of using these keylogger where hackers have fooled people of their sensitive information like banks transfer of huge funds decrypt the password with keyboard apps.So it's better to use the default keyboard of yours.

There is one similar statement by one web developer on reddit and you can read it here :


Read these articles whose links i have found on reddit :

Would you allow full Grammarly keyboard access? (https://www.quora.com/Would-you-allow-full-Grammarly-keyboard-access)

 Why-does-Grammarly-require-full-access-to-my-keyboard (https://www.quora.com/Why-does-Grammarly-require-full-access-to-my-keyboard)

Exactly, I noticed the wallet is asking for a permission and it looks like accepting that will give the keyboard some extra freedom to mess with your data, after losing my token to a hacker weeks ago? Nah I've been more careful.

That's their app on phone but using them through browsers, they don't ask such.

It's like a keylogger that whatever you typed will be saved through that keyboard. That's good that you've noticed it too early and saw the message warning. Maybe this is the reason why I've been seeing people being a victim of phishing in different groups online. They haven't noticed those apps rules that they approve and agree with the terms.