恶梦护士 asa_智能手机键盘是隐私的噩梦

恶梦护士 asa

Both Android and the iPhone allow you to replace the standard keyboard with a third-party one. By its very nature, though, a keyboard has full access to everything you type on it—from private messages to passwords and credit card numbers. Some of the keyboard’s data is often sent over the internet, where it could be stolen—or even abused by the keyboard’s developer.

Android和iPhone均允许您用第三方键盘替换标准键盘。 但是，就其本质而言，键盘可以完全控制您在键盘上键入的所有内容-从私人消息到密码和信用卡号。 键盘的某些数据通常是通过Internet发送的，这些数据可能被窃取，甚至被键盘的开发人员滥用。

This isn’t theoretical, either: this has already happened. And it’s exactly why we have a problem trusting third-party smartphone keyboards.

这也不是理论上的：这已经发生了。 这正是我们在信任第三方智能手机键盘方面遇到问题的原因。

ai.type和SwiftKey泄漏 (The ai.type and SwiftKey Leaks)

Ai.type is a popular keyboard for Android and the iPhone that claims over 40 million users worldwide. On December 5, 2017, the personal data of over 31 million customers leaked online. Their database server was literally left alone without a password to protect it, so anyone could access the information.

Ai.type是适用于Android和iPhone的流行键盘，在全球拥有4000万用户。 2017年12月5日，超过3100万客户的个人数据在线泄漏。 实际上，他们的数据库服务器没有密码就可以单独保护，因此任何人都可以访问该信息。

In additional to phone numbers, names, and email addresses, text typed using the keyboard was also stolen. The company had promised never to “learn” from password fields, but ZDNet “saw one table containing more than 8.6 million entries of text that had been entered using the keyboard, which included private and sensitive information, like phone numbers, web search terms, and in some cases concatenated email addresses and corresponding passwords.”

除电话号码，姓名和电子邮件地址外，使用键盘键入的文本也被盗。 该公司曾承诺永远不会“学习”密码字段，但ZDNet “看到一张表，其中包含超过860万个使用键盘输入的文字，其中包括私人和敏感信息，例如电话号码，网络搜索字词，并在某些情况下将电子邮件地址和相应的密码连接在一起。”

This isn’t the first time a keyboard has inadvertently leaked data. The popular SwiftKey keyboard had a data leak after it was purchased by Microsoft. The SwiftKey keyboard began suggesting private email addresses to other SwiftKey users, when those email addresses should never have been exposed.

这不是键盘意外泄漏数据的第一次。 微软购买了流行的SwiftKey键盘后，数据泄漏了。 SwiftKey键盘开始向其他SwiftKey用户建议私人电子邮件地址，而这些电子邮件地址从不应该公开。

为什么键盘如此危险 (Why Keyboards Are So Dangerous)

Third-party keyboards are so dangerous because they want to be “smart”. Keyboards aren’t content to just live entirely on your phone and allow you to enter letters. Instead, they try to perform advanced text prediction and personalized autocorrect. To personalize your experience, they often upload data about how and what you type to the company’s servers.

第三方键盘非常危险，因为它们希望变得“智能”。 键盘不满足于仅完全驻留在手机上并允许您输入字母。 相反，他们尝试执行高级文本预测和个性化自动更正。 为了个性化您的体验，他们经常将有关您键入方式和内容的数据上传到公司的服务器。

This certainly makes things more convenient, but as with all things, convenience often comes at the cost of privacy. The problem is that keyboards have access to so much. When you trust a third-party keyboard, you’re giving an application a very deep level of access to your phone, including everything you type. You should seriously consider whether you trust the company who creates the keyboard to treat your data responsibly and actually secure its servers. For example, you may trust Google’s Gboard keyboard if you already trust Google with your Gmail account and other personal information, but an smaller, lesser-known company named ai.type apparently was not deserving of trust at all.

这无疑使事情变得更加便利，但是与所有事物一样，便利通常是以牺牲隐私为代价的。 问题在于键盘可以访问很多东西 。 当您信任第三方键盘时，就可以为应用程序提供对手机的高度访问，包括您键入的所有内容。 您应该认真考虑您是否信任创建键盘的公司来负责任地处理数据并真正保护其服务器安全。 例如，如果您已经用自己的Gmail帐户和其他个人信息信任Google，则可以信任Google的Gboard键盘，但是一家规模较小，鲜为人知的名为ai.type的公司显然根本不值得信任。

It’s tough, of course—we might say that Microsoft’s SwiftKey is more trustworthy than ai.type, but SwiftKey has also had its issues in the past. When you use a third-party keyboard, you’re accepting a certain level of risk because any issues with the keyboard’s servers could cause problems for you. So it’s up to you to decide: is using a third-party keyboard worth that risk?

当然，这很难，我们可以说微软的SwiftKey比ai.type更值得信赖，但是SwiftKey在过去也遇到过问题。 使用第三方键盘时，您会承受一定程度的风险，因为键盘服务器的任何问题都可能给您造成麻烦。 因此，由您决定：使用第三方键盘值得承担这种风险吗？

键盘可以在iPhone上更安全...如果您放弃功能 (Keyboards Can Be More Secure on iPhones…If You Give Up Features)

The above advice applies to both Android and iPhone, but there’s a special quirk on iPhone. While Android allows all keyboards access to the internet because the “Internet” permission has been hidden from the Play Store, Apple’s iOS denies internet access to keyboards by default. To give a third-party keyboard internet access after installing it, you have to head to Settings > [Keyboard App Name] > Keyboards and enable the “Allow Full Access” option.

以上建议适用于Android和iPhone，但iPhone上有一个特殊的怪癖。 尽管Android允许所有键盘访问互联网，因为Play商店中已隐藏了“互联网”权限 ，但默认情况下 ，Apple的iOS 拒绝互联网对键盘的访问 。 要在安装后为第三方键盘提供互联网访问权限，您必须转到设置> [键盘应用程序名称]>键盘并启用“允许完全访问权限”选项。

This makes iPhone and iPad keyboards much more secure to install and use without any privacy worries—as long as you don’t manually give them full access. The trouble is that many third-party keyboards are only useful because of this internet access—perhaps they fetch data like GIFs or links from the internet, or perhaps their more advanced personalization and recommendations only work with access to the cloud.

这使iPhone和iPad键盘的安装和使用更加安全，而无需担心任何隐私问题-只要您不手动为其提供完全访问权限即可。 麻烦在于，许多第三方键盘仅由于具有这种Internet访问功能才有用-也许它们从Internet上获取GIF或链接之类的数据，或者它们更高级的个性化设置和建议只能在访问云时起作用。

Once you’ve enabled “Full Access” for a keyboard on iOS, all bets are off and you’re just as at risk as you are on Android. There are some exceptions—for example, iOS doesn’t allow third-party keyboards to function in operating system password fields. But you’d largely be in just as much trouble as you would have been if you installed the same keyboard on an Android phone. That’s why Apple warns you so strongly when you try to give a keyboard full access.

在iOS上为键盘启用“完全访问”功能后，所有赌注都会关闭，您的风险与在Android上一样。 有一些例外情况，例如，iOS不允许第三方键盘在操作系统密码字段中起作用。 但是，与在Android手机上安装相同的键盘时相比，您所遭受的麻烦将和以前一样多。 这就是为什么当您尝试给予键盘完全访问权限时，Apple如此强烈警告您的原因。

Ultimately, it’s your call whether you want to install a third-party keyboard or not. But you should think twice. If you must have a third-party keyboard, we’d at least recommend trying to hunt down keyboards from trusted companies like Google and Microsoft rather than smaller developers you’ve never heard of. They still won’t be perfect, but at least you know who you’re dealing with.

最终，您是否要安装第三方键盘都是您的电话。 但是你应该三思。 如果您必须使用第三方键盘，我们至少建议您尝试从可信赖的公司(例如Google和Microsoft)那里寻找键盘，而不是从没有听说过的小型开发商。 它们仍然不是完美的，但至少您知道您要与谁打交道。

翻译自: https://www.howtogeek.com/335428/smartphone-keyboards-are-a-privacy-nightmare/

恶梦护士 asa