Does an open source keyboard exist for iOS that respect your privacy?

Does apple get what you type on the keyboard in their servers?

  • RovingFox@infosec.pub
    link
    fedilink
    arrow-up
    17
    arrow-down
    2
    ·
    edit-2
    10 months ago

    Even if the keyboard is open source, you cannot guarantee that the app that is installed by the app store is the open source version.

    • tsonfeir
      link
      fedilink
      arrow-up
      12
      arrow-down
      1
      ·
      10 months ago

      The same can be said about any binary as well.

      • RovingFox@infosec.pub
        link
        fedilink
        arrow-up
        4
        arrow-down
        2
        ·
        10 months ago

        Not true, you get the open source code and you compile it yourself then compare the checksum of what you compiled with app installer. If they match that means they didn’t add extra code besides whats in the open source.

        • tsonfeir
          link
          fedilink
          arrow-up
          12
          ·
          10 months ago

          Yes, the binary downloaded from an open source project might be different from the binary compiled on your own computer, even if they are from the same source code. Here are a few reasons why this can happen:

          1. Compiler Differences: Different compilers or different versions of the same compiler can produce binaries with variations in performance and size.

          2. Build Environment: The environment in which the binary is compiled, including the operating system and its version, libraries, and other dependencies, can affect the outcome.

          3. Configuration Options: Most open source projects have various configuration options which can be enabled or disabled during the build process. The pre-compiled binaries might have a different set of configurations compared to what you choose when compiling it yourself.

          4. Optimization Levels: Compilers have different optimization levels and settings. The binary provided by the project may be optimized for general compatibility, while you might compile with optimizations specific to your hardware.

          5. Patches or Modifications: The official binary might include patches or modifications that are not present in the source code you downloaded, especially if it’s from a different branch or a snapshot of the repository at a different time.

          6. Reproducible Builds: Some projects aim for reproducible builds, where the same source code should generate an identical binary, but this is a challenging goal and not all projects achieve it.

          Always ensure that you trust the source of any pre-compiled binaries, as they could potentially include malicious code not present in the source.

          ❤️

          • intrepid@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            10 months ago

            You’re right of course. But just to add - ‘reproducible builds’ is an ongoing attempt to make hash comparisons practical.

            • tsonfeir
              link
              fedilink
              arrow-up
              1
              ·
              10 months ago

              It’s also a lot easier to do this on a desktop/server environment. Doing this on a popular mobile device would be difficult, and would require the OS developer be involved (and I doubt Google or Apple would be that open)

  • Lodra@programming.dev
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    1
    ·
    10 months ago

    While the other responses so far have good info, none has offered a useful answer. Yes, apple collects data, but thankfully don’t sell it to the world. Buying a new phone isn’t a trivial expense so some of us are stuck for a bit. As a fellow IOS user (for now), I too would like to hear some more options.

    The best I’ve found so far is Typewise. They claim to be private and secure but it’s closed source so so knows. Apple gets to review their code when submitting to the app store which says that Typewise collects some data but none of it is linked to the user. It’s freemium. Unfortunately, I don’t like their keyboard. Swipe typing is my personal requirement🙂

  • Sume@reddthat.com
    link
    fedilink
    English
    arrow-up
    16
    arrow-down
    7
    ·
    10 months ago

    Maybe you shouldn’t be using an iPhone if you want to download alternative apps

  • airikr@lemmy.ml
    link
    fedilink
    arrow-up
    13
    arrow-down
    7
    ·
    10 months ago

    Apple and privacy does not come hand in hand.

    Apple have their own eco system that are fully closed source. If you want to install apps from another place than from AppStore and if you don’t live in EU, good luck.

    If you want privacy, choose a custom ROM of Android that respects your privacy (like GrapheneOS) or (better yet) choose Linux. But to be honest, Android from Google (no custom ROM) do have better privacy options compared to iOS, mainly thanks to being able to installing and using apps with no Google account whatsoever.

    And to answer your second question: Is your phone’s keyboard compromising your privacy?

    • Lodra@programming.dev
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      As the person criticizing the top level comments, I just want to say thanks. This is a straight answer and an option that I wasn’t aware of. Looking into it!

  • Coasting0942@reddthat.com
    link
    fedilink
    arrow-up
    2
    ·
    10 months ago

    Apple gets your voice recordings which for various privacy laws they can’t resell. “Yay wiretap laws from the 50s”

    As for typing, a quick search, apple support claims that the keyboard cache is only used for autocorrect purposes. How often you use a word and how you like to spell it.

    Having it function as a keylogger would give them a headache, from data use, battery life, hackers exploiting it, etc.

    And of course the warnings seem targeted at third party keyboards who can add on extra feature beyond IOS barebones.