Bitcoin Forum
November 14, 2019, 12:23:03 PM *
News: Help collect the most notable posts made over the last 10 years.
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Warning to third party smartphone keyboard users.  (Read 227 times)
Callanta787
Member
**
Offline Offline

Activity: 476
Merit: 20


View Profile WWW
July 03, 2019, 01:15:28 PM
Last edit: July 11, 2019, 12:56:33 PM by Callanta787
Merited by bones261 (2), DdmrDdmr (2), LTU_btc (1), boyptc (1), Baofeng (1), o_e_l_e_o (1), iasenko (1)
 #1

This warning is for those who uses mobile keyboard from third party websites or download from playstore ,some keyboards are stealing records of your account numbers ,backup phrases and private keys eg touchpal keyboard ,stick with the keyboard that comes integrated with your smartphone.

Check out the image below to see what I'm talking about


1573734183
Hero Member
*
Offline Offline

Posts: 1573734183

View Profile Personal Message (Offline)

Ignore
1573734183
Reply with quote  #2

1573734183
Report to moderator
1573734183
Hero Member
*
Offline Offline

Posts: 1573734183

View Profile Personal Message (Offline)

Ignore
1573734183
Reply with quote  #2

1573734183
Report to moderator
The Bitcoin Forum is turning 10 years old! Join the community in sharing and exploring the notable posts made over the years.
1573734183
Hero Member
*
Offline Offline

Posts: 1573734183

View Profile Personal Message (Offline)

Ignore
1573734183
Reply with quote  #2

1573734183
Report to moderator
mjglqw
Hero Member
*****
Online Online

Activity: 1120
Merit: 919


https://coinsources.io/bitcoin


View Profile WWW
July 03, 2019, 02:51:33 PM
 #2

Typing up your recovery seed on your phone is definitely a bad idea in terms of security; especially if you're storing big amounts. If I remember correctly, there was an article I've read last year concerning recovery seeds and a certain keyboard app storing keyboard inputs on their servers. Can't remember the whole story though.

As always, for big amounts of funds, hardware. wallets.

Callanta787
Member
**
Offline Offline

Activity: 476
Merit: 20


View Profile WWW
July 03, 2019, 03:26:41 PM
 #3

I was shocked to detect this today and I quickly uninstall the keyboard ,at the same time I have to move all my coins and tokens out of the wallet I imported the backup phrase seed using the keyboard to another new wallet right after getting rid of the shady keyboard. Not all apps are safe to use

bernardos
Member
**
Offline Offline

Activity: 392
Merit: 34


View Profile
July 03, 2019, 04:29:26 PM
 #4

I am not too surprised really, I was wondering when something like this would happen.
A close friend of mine has several of these third party keyboards installed, just because they look better. He makes fun of me cause I use the standard keyboard that comes on every phone. I never understood what the benefit of having such software on your phone is. I mean you press the button and if it registers the inputs correctly that is all I am interested in, does it really have to be fancy as well?

Thanks for informing is about such possibilities of misuse.
Indamuck
Hero Member
*****
Offline Offline

Activity: 1120
Merit: 554



View Profile
July 03, 2019, 04:53:04 PM
 #5

Not surprised at all, at this point you need to assume anything you type, search, copy&paste, say, location, etc will be tracked and recorded when you are on a device connected to the internet.
mersal
Member
**
Offline Offline

Activity: 630
Merit: 24


View Profile
July 03, 2019, 05:51:57 PM
 #6

This warning is for those who uses mobile keyboard from third party websites or download from playstore ,some keyboards are stealing records of your account numbers ,backup phrases and private keys eg touchpal keyboard ,stick with the keyboard that comes integrated with your smartphone.

Check out this link to see what I'm talking about
http://imgur.com/bdOtcjq
This is the reason why most of the bank accounts got hacked.

Anyone heard of virtual keyboards while using them they keyloggers won't harm us,for typing password we need to use virtual keyboards.

And don't use any chinese related keyboards they don't have security for our personal info.

Harlot
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 607



View Profile
July 03, 2019, 06:24:22 PM
 #7

That's the problem with Google's playstore literally any developer can upload their app and be available to other people. There are no screening process or background checks done to this apps that is why a lot of them are ready for download. The thing is if you aren't really in need of those apps do not be tempted on downloading them especially the ones who have a few downloads and a bad rating because they aren't really worth it for you to try out.

LTU_btc
Hero Member
*****
Offline Offline

Activity: 1414
Merit: 754



View Profile WWW
July 03, 2019, 08:14:23 PM
 #8

Thanks for warning. Honestly, I never thought about it. But when you can find thousands of third party keyboard apps, it might be big issue. As I understand, even major keyboard apps used by millions aren't good to use in terms of privacy - most of them collect all this data. I'm not even talking about all these less known apps. Though I haven't heard I haven't heard about victims who lost something because his data was stolen through phone keyboard.
I use default my phone keyboard Gboard by Google and as I understand they also collecting lot of data. It's really concerning thing when keyboard provider may know all my passwords, pin codes and other secret information.
Maybe someone can suggest keyboard app good in terms of privacy which don't collect all this data, I think it may be useful to know for lot of people here.




▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄                  ▄▄▄   ▄▄▄▄▄        ▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄    ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄   ▄▄▄▄▄▄▄▄▄▄▄
 ▀████████████████▄  ████                 █████   ▀████▄    ▄████▀  ▄██████████████   ████████████▀  ▄█████████████▀  ▄█████████████▄
              ▀████  ████               ▄███▀███▄   ▀████▄▄████▀               ████   ████                ████                   ▀████
   ▄▄▄▄▄▄▄▄▄▄▄█████  ████              ████   ████    ▀██████▀      ██████████████▄   ████████████▀       ████       ▄▄▄▄▄▄▄▄▄▄▄▄████▀
   ██████████████▀   ████            ▄███▀     ▀███▄    ████        ████        ████  ████                ████       ██████████████▀
   ████              ████████████▀  ████   ██████████   ████        ████████████████  █████████████▀      ████       ████      ▀████▄
   ▀▀▀▀              ▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀  ▀▀▀▀        ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   ▀▀▀▀▀▀▀▀▀▀▀▀        ▀▀▀▀       ▀▀▀▀        ▀▀▀▀▀

#1 CRYPTO CASINO & SPORTSBOOK
 WELCOME
BONUS
.INSTANT & FAST.
.TRANSACTION.....
.PROVABLY FAIR.
......& SECURE......
.24/7 CUSTOMER.
............SUPPORT.
BTC      |      ETH      |      LTC      |      XRP      |      XMR      |      BNB      |     more
o_e_l_e_o
Hero Member
*****
Offline Offline

Activity: 742
Merit: 2956


Decent


View Profile
July 03, 2019, 09:25:35 PM
 #9

Typing up your recovery seed on your phone is definitely a bad idea in terms of security
As soon as you type your mnemonic phrase in to any electronic device (with the exception of a properly permanently air-gapped device), you should immediately consider it compromised and transfer all funds under that phrase to a new wallet.

Obviously third party keyboards are a risk, but please realize that the default keyboard is going the exact same thing - collecting all your inputs - and sending them to Google, Apple, Samsung, etc.

Also be aware that any third party app you download, not just keyboards apps, is a potential security risk if you are also storing crypto on your phone. Even some "trusted" wallet apps are a risk - for example, Coinomi was found to be using Google servers to spell check users who were entering their mnemonic phrase.

dothebeats
Legendary
*
Offline Offline

Activity: 2002
Merit: 1142



View Profile
July 03, 2019, 11:03:38 PM
 #10

That's why Electrum moblie has its own keyboard for retyping the seed for recovery because the team knows that third-party keyboards do have the ability to hijack clipboard words and other saved strokes (virtual keylogging anyone?) I only use an iPhone for banking-related things and important documents. It serves as my work phone while Android, a Galsxy s9+, is mainly for leisure and entertainment purposes. Good thing wallet developers know better, and the use of their own virtual keyboard is a way to avoid using third-party keyboards if it was installed on a phone.

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███

████▀█▄▀█████▌  ▀██▀▄█ ████

█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████

███████████████████████████
|▄█████████████████████████▄
███████████████████████████
████████▀▀▄▄▄▄▄▄▄▀▀████████
██████▀▄▀▀██░░░██▀▀▄▀██████
█████░██▄░░▄▄▄▄▄░░▄██░█████
████░█▀▀░▄██▄▄▄██▄░▀░█░████
████░█▄▄░█░█░░░█░█░▄▄█░████
████░██▀░▀██▀▀▀██▀░▀▀█░████
█████░█░▄▄░▀▀▀▀▀░▄▄░█░█████
██████▄▀██░░▄██░░██▀▄██████
████████▄▄▀▀▀▀▀▀▀▄▄████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████▀█▀░█▀▄█
████████████████████░░░░░▀▄
████▄▄▄▀██████████▄▄░░░░░░▀
███████▀▄░▀▄░░▀▀███▄█░░░░░█
██████▀▄▄▄▀░░░░░░░▀█▄█░█▄█▄
█████▀░░░░░▀▀▀░░░▀▄▀███████
█████░░░░█░███░█░░█░███████
█████▄░░░▀░▀▀▀░▀░▄▀▄███████
██████▄░░░░▀▀▀░▄▄▀▄████████
████████▄▄░░░░▀▄▄██████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
█████████████▐░░░░█████████
█████████████▐▄▄▄▄█████████
██████▀█▀███▀▀▀███▀█▀██████
███████▄▀▄▀▀░█░▀▀▄▀▄███████
█████████▀▀█▀▀▀█▀▀█████████
████████░█▀▀▀█▀▀▀█░████████
███████░█▀▀█▀▀▀█▀▀█░███████
██████░█▀▀▀█░░░█▀▀▀█░██████
█████░█▀▀█▀▀▀█▀▀▀█▀▀█░█████
████░█▀█▀▀▀█▀▀▀█▀▀▀█▀█░████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
███████████████████████████
███████████████████████████
█████████▀▀▀███████████████
█████▀▀░░▄▄░░░▄████████████
█████▀▄░▀░▄▄▀▀░░▀▄░▄▀██████
█████░░▀█▀░░▀▀░▄░█▄▄▄▄█████
█████▌▀▄▐▌░█░▀░▀░█░░░░█████
██████▄░░█░░░▀▀░▄▀░▀░██████
████████▄▐▌░▄▄█████████████
███████████████████████████
███████████████████████████
▀█████████████████████████▀
▄█████████████████████████▄
████████████████████▀▀▀░███
████████████████▄░░░░░░░███
█████████████████▀░░░░░▐███
███████████████▀░░░░▄▄░████
█████████████▀░░░░▄████████
██████████▀▀░░░▄███████████
███████▀░░░▄▄██████████████
███▀▀▄▄▄███████▀▀▀▀▀███████
███████▀▀▀▀▀█░░░░░░░░▀█████
██▀▀▀▀░░░░░▄░░░░░░░░░▄░░▀▀█
░░▄░░░░▀▄░░█▄░░░▄▀░▄█░░░░░░
▀▄░▀█▄▄███▄███▄██▄███▄▄▀░▄▀
|ROULETTE
MINES
TOWERS
DICE
CRASH
──── ─── ─
boyptc
Hero Member
*****
Offline Offline

Activity: 1358
Merit: 537


★777Coin.com★ Fun BTC Casino!


View Profile
July 03, 2019, 11:54:09 PM
 #11

I'm glad that I don't download any third party or customizable keyboards. I stick to the integrated one.

But this is an eye opener and great reminder to those who loves to download those kind of smartphone keyboards that never use such and the traditional way of keeping your private keys/seeds through writing is still the best.

Thank you for the reminder, I've appreciated your warn.

mjglqw
Hero Member
*****
Online Online

Activity: 1120
Merit: 919


https://coinsources.io/bitcoin


View Profile WWW
July 04, 2019, 03:50:32 AM
 #12

Good thing wallet developers know better, and the use of their own virtual keyboard is a way to avoid using third-party keyboards if it was installed on a phone.

Or better, instead of actually letting you type in your recovery seed when verifying the words after you create a new wallet, some of the better wallets instead lets you tap on the words. Great UX + better security, a win-win. Importing previously made wallets is another story though.

BuxCoin
Sr. Member
****
Offline Offline

Activity: 518
Merit: 250


View Profile
July 04, 2019, 10:55:23 AM
 #13

many will download those fancy keyboard and use them , many website like net banking will display a separate keyboard or many anti virus software will also provide keyboard which is much safer to use
Doranile432
Member
**
Offline Offline

Activity: 154
Merit: 12


View Profile
July 11, 2019, 10:58:25 AM
 #14

We have 100s of fancy keyboards on play store on android devices but stop trusting apps from playstore since I download a VPN that has inbuilt malware ,thank God I was able to detect when scanning using Antivirus

EZ365TMREVOLUTIONARY DIGITAL ASSET ECOSYSTEM
WHITEPAPERINVESTOR pitch ❰ | Telegram | Twitter | Facebook |
███████████████ [ PLAYTRADELEARN ] ███████████████
ePesoInitiative
Sr. Member
****
Offline Offline

Activity: 868
Merit: 260



View Profile
July 11, 2019, 12:53:58 PM
 #15

Even some "trusted" wallet apps are a risk - for example, Coinomi was found to be using Google servers to spell check users who were entering their mnemonic phrase.

Jesus Christ! Glad I never use a phone for storing private keys. You are literally donating your bitcoins.


▄▄▄███████▄▄▄
▄▄█████▀▀''`▀▀█████▄▄
▄███P'            `YY██▄
▄██P'                  `Y██▄
███'                      `███
███'                         ███
▄██'   ▄█████▄▄  ,▄▄▄▄▄▄▄▄▄▄p   ███
▄██▀  ,████▀P▀███.`██████████P   ▀██▄
███[ ,████ __. ███.   ,▄████▀    ███
███[ ]████████████[  ▄████▀       ███
███[ `████   ,oo2 ▄████▀'       ,███
▀██▄  `████▄▄█████d███████████   ▄██▀
▀██.   `▀▀▀▀▀▀"  Y▀▀▀▀▀▀▀▀▀▀▀  ,██▀
███.                        ,███
▀██▄                      ▄██▀
▀███▄_                 ,███▀
▀███▄▄_          _▄▄███▀
▀▀████▄▄ooo▄▄█████▀
▀▀███████▀▀'

365

TM

EZ365 is a digital ecosystem that combines
the best aspects of online gaming, cryptocurrency
trading
and blockchain education. ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

..WHITEPAPER..    ..INVESTOR PITCH..

.Telegram     Twitter   Facebook

                       .'M████▀▀██  ██
                      W█Ws'V██  ██▄▄███▀▀█
                     i█████m.~M████▀▀██  ███
                     d███████Ws'V██  ██████
                     ****M██████m.~███f~~__mW█
          ██▀▀▀████████=  Y██▀▀██W ,gm███████
      g█████▄▄▄██   █A~`_WW Y█  ██!,████████
   g▀▀▀███   ████▀▀`_m████i!████P W███  ██
 _███▄▄▄██▀▀▀███Af`_m███   █W ███A ]███  ██
__ ~~~▀▀▀▀▄▄▄█*f_m██████   ██i!██!i███████
Y█████▄▄▄▄__. i██▀▀▀██████████ █!,██████
 8█  █▀▀█████.!██   ██████████i! █████
 '█  █  █   █W M█▄▄▄██████   ██ !██
  !███▄▄█   ██i'██████████   ██
   Y███████████.]██████████████
   █   ███████b ███   ██████
   Y   █   █▀▀█i!██   ████
    V███   █  █W Y█████
      ~~▀███▄▄▄█['███
            ~~*██

Play

            │
    │      ███
    │      ███
    │      ███
    │   │  ███
   ███  │  ███
   ███ ███ ███
 │  ███ ███ ███
███ ███ ███ ███
███ ███  │   │
███ ███  │   │
 │   │
 │

Trade

           __▄▄████▄▄
     __▄▄███████████████▄▄▄
 _▄▄█████████▀▀~`,▄████████████▄▄▄
 ~▀▀████▀▀~`,_▄▄███████████████▀▀▀
   d█~  =▀███████████████▀▀
   ]█! m▄▄ '~▀▀▀████▀▀~~ ,_▄▄
  ,W█. *████▄▄__ '  __▄▄█████
  !██P  █████████████████████
   W█. - ██████████████████▀
  i██[   ~ ▀▀█████████▀▀▀
 g███!
Y███

Learn
rhomelmabini
Full Member
***
Offline Offline

Activity: 462
Merit: 163


We're unknown and known, special and a clone!


View Profile
July 11, 2019, 03:59:12 PM
 #16

Good thing I never use these third-party keyboards and to be honest it is just a waste of RAM too if they are to be installed. Better if we stick to the default.

Herbet Fry
Sr. Member
****
Offline Offline

Activity: 812
Merit: 253


●Social Crypto Trading●


View Profile WWW
July 15, 2019, 03:51:33 PM
 #17

This is really scary. I wonder if a keyboard theme can do the same thing? Do you guys think it could record keystrokes as well? I guess it's best to use well know the software. I use grammarly on my phone and it has it's own keyboard. I am very hesitant to give details like private keys and passwords into third-party software. What else should we be careful of when using the google store? Pretty scary you must remain so vigilant.

DdmrDdmr
Hero Member
*****
Offline Offline

Activity: 672
Merit: 2830


There are lies, damned lies and statistics. MTwain


View Profile WWW
July 15, 2019, 04:14:07 PM
 #18

<...>
Allegedly Grammarly does not log your key strokes:
https://support.grammarly.com/hc/en-us/articles/360003816032-Is-Grammarly-a-keylogger-
Quote
passwords.
Grammarly does not record every keystroke you make on your device. Grammarly accesses only the text you write using a Grammarly product, and only for the purposes of checking your text and providing corrections. Additionally, Grammarly does not process anything you type in text fields marked "sensitive," such as credit card forms or password fields.

Of course you can always find statements to the contrary: https://techbeacon.com/security/grammarly-leaks-everything-youve-ever-typed-service-everything (2018 article):
Quote
Tavis Ormandy discovered that any webpage could easily hijack your session and steal all the information in your Grammarly account. And that includes absolutely everything you've typed into the service.
Although the above may have been addressed since then, it does go to state that nothing is free from vulnerability, so the less third-party whatever’s that can access your keystrokes the better.

We’ve also got the following to go by from reading Grammarly’s privacy policy: https://www.grammarly.com/privacy-policy#how-secure-is-my-information
Quote
Grammarly is committed to protecting the security of your Information and takes reasonable precautions to protect it. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure, and as a result, we cannot ensure the security of Information you transmit to us, including Personal Data and User Content; accordingly, you acknowledge that you do so at your own risk.

See also: https://www.quora.com/Is-it-safe-to-use-Grammarly


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!