IME keylogging is a known, serious, and frequently exploited issue that affects a substantial portion of Signal users. Signal's "Incognito Keyboard" setting didn't mention that the flag can be ignored, which was misleading and dangerous.
But yes, warning about accessibility settings if there's evidence of that being an attack vector seems like a good idea. I don't know about unsupported Android versions.
> if there's evidence of that being an attack vector seems like a good idea
Actually *most* Android malware uses accessibility APIs to perform malicious actions, random example from a quick Google search: https://medium.com/axdb/%EF%B8%8F-dissecting-defensor-a-stea... . That's simply because this is the most convenient way to perform malicious actions on Android without an exploit. Sure, you have to convince the victim for permission, but with a nice lure people usually just fall for it.
It is much, much more prevalent than malicious IMEs. Now help your "freedom in danger" friends by raising this up as a security vulnerability to Signal developers plz! /s
Do you happen to have a source for this? There’s lots of speculation out there, but I’ve never seen anyone claiming to have proof of this being frequently exploited.
https://twitter.com/RealSexyCyborg/status/134995902394088652...