3rd party keyboards are awesome and allow a lot of functionality but… keyboards like Grammarly are practically keyloggers, sending every keystroke to a remote server. Please! when opening the bitwarden app could you disable all 3rd party keyboards? I’ve seen this done in other apps such as “Onion Browser” in the App Store. This is a pretty serious privacy issue.
The default keyboard on Pixel devices is Google Keyboard, which sends data back to Google. This would be a useful feature but only if you have the ability to toggle it on and off, or you can save trusted keyboards.
Good point. Another solution is for bitwarden to make their own keyboard that is guarenteed to send no information
Bitwarden could add incognito (int IME_FLAG_NO_PERSONALIZED_LEARNING) in their Android app:
Flag of imeOptions: used to request that the IME does not update any personalized data such as typing history and personalized language model based on what the user typed on this text editing object. Typical use cases are: When the application is in a special mode, where user’s activities are expected to be not recorded in the application’s history. Some web browsers and chat applications may have this kind of modes. When storing typing history does not make much sense. Specifying this flag in typing games may help to avoid typing history from being filled up with words that the user is less likely to type in their daily life. Another example is that when the application already knows that the expected input is not a valid word (e.g. a promotion code that is not a valid word in any natural language).
But then Bitwarden users need to be aware that the flag is not a guarantee and some IMEs may not respect it at all. No idea if something similar is available for third party iOS developers or if Apple only allows their own apps to force the default keyboard without logging.
Thanks for the research. I’m not completely sure on the technical side of things for IOS but I’m pretty sure it’s possible.