In a recent update to the HSBC app they’ve added a screen to prevent you from using the app unless you use the default (google) keyboard.

They do a similar thing if you have an accessibility service running that can access the screens content. A fair enough security warning if you’ve happened to install a dodgy keyboard app, but highly frustrating when using an open source alternative that enhances the security and privacy over the default option (HeliBoard in my case).

I haven’t found a way to circumvent the page yet. It would be useful if Android allowed you to block the permission to query all packages, but alas.

  • Admiral Patrick@dubvee.org
    link
    fedilink
    English
    arrow-up
    57
    arrow-down
    1
    ·
    6 days ago

    If my bank’s app ever forces me to choose between my keyboard of preference and their app, it’s their app that’s getting uninstalled.

    • jet@hackertalks.com
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      1
      ·
      6 days ago

      I think it’s a great option to warn people about. Or even force switching of the keyboard for that one app. But it shouldn’t require you to set a system sitting.

    • ccunning@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      1
      ·
      5 days ago

      Have the security risks associated with third party keyboards been mitigated somehow? I made the decision not to use them years ago and have never revisited it.

      • HereIAm@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        4
        ·
        5 days ago

        Of course there will always be some risk. But HeliBoard and some other keyboard apps are open source and can be audited. I’d trust (I know, you should do your own homework) the more popular ones have a lot of eyes in them.

        • Dizzy Devil Ducky@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 days ago

          As someone who doesn’t have the time, skill, or knowledge to audit open source projects, I agree on the trusting more popular open source keyboards (and by extension popular open source projects in general).

      • GlenRambo@jlai.lu
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 days ago

        Fist party keyboards have the exact same permissions. The code is hidden though and noone can audit it.

        • lka1988@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          6 days ago

          Bingo. I will happily go out of my way to modify things, and if the methods provided to hide root/bootloader ststu from any particular app don’t work, then that app gets uninstalled.