Date: 2023-08-27

For millions of Chinese, the first software they install on a new laptop or smartphone is always the same: a keyboard app for easy typing in Mandarin. But only a few users are aware that everything they type could be saved. The reason for using such programs is that dozens of Chinese characters can share the same Latin phonetic transcription, so the QWERTY keyboard (here: QWERTZ) used in the West is very inefficient on its own. A smart custom keyboard app can save a lot of time and frustration at work by predicting the characters and words a user is likely to type. Over 800 million people in China are now using third-party keyboard apps, be it on desktop, notebook or mobile.

They are taking great risks by doing so. A recent report by Citizen Lab, a University of Toronto research group specializing in technology and security, which has already uncovered numerous cases of espionage, now shows that Sogou, one of the most popular Chinese keyboard apps, has massive security gaps. “This is an app that handles very sensitive information – with every single input,” says Jeffrey Knockel, senior research fellow at Citizen Lab and co-author of the study. “We wanted to take a closer look and see if this app properly encrypts the data it sends over the network – or if there’s a chance eavesdroppers could decode it.” In fact, Knockel and his colleagues found that the encryption methods used by Sogou are insecure. There are ways to intercept data even while users are typing.

Sogou, which was acquired by tech giant Tencent in 2021, was quick to close the gap after researchers at Citizen Lab brought it to the company’s attention. “User privacy is fundamental to our business,” a Sogou spokesman told MIT Technology Review. “We have fixed the issues uncovered by Citizen Lab and will continue to work to ensure that user data remains secure. We disclose our data processing activities transparently in our privacy policy and do not share user data.”

But there’s no guarantee that this was the only vulnerability in the app, and the researchers haven’t examined any of the other popular keyboard apps in the Chinese market. This means that the ubiquitous programs continue to pose a security risk to hundreds of millions of people. Alarmingly, this potential exposure makes otherwise encrypted communications by Chinese users, for example via normally secure apps like Signal, vulnerable to government surveillance.

An indispensable part of mobile phones and PCs

Officially known as Input Method Editors (IME), keyboard apps are required for typing in languages with more characters than a traditional Latin alphabet keyboard allows, such as languages with Japanese, Korean or Indic characters. For Chinese users, an IME is actually a necessity.

“There’s a lot of ambiguity when entering Chinese characters using the Latin alphabet,” said Mona Wang, an Open Technology Fund grantee at Citizen Lab and a co-author of the Sogou report. Since the same phonetic spelling can map to dozens or even hundreds of Chinese characters — and these characters can also be combined in different ways to form different words — a Chinese-language keyboard app usually works much better than the standard keyboard.

Since the PC era, Chinese software developers have offered all kinds of IME products to speed up typing. Some of these even dispense with the phonetic spelling, allowing users to “draw” or select the constituent parts of a Chinese character. As a result, downloading third-party keyboard software has become standard practice for nearly all Chinese.

The Sogou Input Method program, which was first launched in 2006, quickly became the most popular keyboard app in the country. The software was better than any other at predicting what character or word the user actually wanted to type, both by querying text from the Internet and by maintaining its own extensive library of Chinese words. This cloud-based library is frequently updated to include new words, popular phrases, or names of people in the breaking news. When Google launched its own Chinese keyboard app in 2007, it even copied Sogou’s word library (and later had to apologize for it).

In 2014, when the iPhone first supported third-party IMEs, Chinese users jumped at it. Sogou’s keyboard app became a hit, with users leaving 3,000 reviews in just one day. At one point, over 90 percent of Chinese PC users were using Sogou. Last year, however, Baidu Input Method (from the Chinese internet giant of the same name) was the leading keyboard app in China with 607 million users and a market share of 46.4 percent. But Sogou still had 561 million users, according to analytics firm iiMedia.


