Mobile Privacy

Third-Party Keyboard Apps: The Middleman Reading Everything You Type

July 5, 2026 · Haven Team

When Android users enable a third-party keyboard, the operating system shows a warning most people dismiss in under a second: this app may be able to collect all the text you type, including passwords and credit card numbers. That warning is not boilerplate caution. It is a precise description of what a keyboard app is.


A keyboard app occupies the single most privileged position in your phone's data flow. Every message before it is encrypted, every search before it is submitted, every password before it is hashed: all of it passes through the keyboard as plaintext keystrokes. End-to-end encryption protects a message in transit, as we cover in what E2E encryption actually protects, but the keyboard sits upstream of the encryption. It sees what you typed, in the order you typed it, before any protective layer exists.

That does not make third-party keyboards malicious. Most are built by teams who understand exactly this responsibility. But it makes the keyboard a component where the difference between a careful vendor and a careless one is the difference between a tool and a wiretap.

What a keyboard can technically collect

On both major platforms, an input method sees the raw text you compose, the app you are typing into, and usually the text field's context (the operating system tells keyboards whether a field is an email address, a URL, or a password, so they can adjust layouts). Keyboards with network access can transmit any of this. Keyboards with cloud features (sync, personalized predictions, translation, GIF search) transmit some of it by design.
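
A check for the point above that keyboards with network access can transmit what they see: this added example (not from the original article) lists the enabled Android keyboards over adb and flags those that request android.permission.INTERNET. The package names and sample output are constructed, and the parser assumes the usual `dumpsys package` layout with a "requested permissions:" section.

```shell
# Parsers read saved or live adb output on stdin.
# Package names from `adb shell ime list -s` (one package/service id per line).
ime_packages() {
    tr -d '\r' | sed -n 's#^\([A-Za-z0-9_.]*\)/.*#\1#p' | sort -u
}

# Exit 0 if `dumpsys package <pkg>` output lists INTERNET as requested.
requests_internet() {
    awk '
        /^[[:space:]]*requested permissions:/ { in_req = 1; next }
        in_req && /^[[:space:]]*[a-z ]+:[[:space:]]*$/ { in_req = 0 }
        in_req && /android\.permission\.INTERNET([^A-Z_]|$)/ { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output (hypothetical packages) for offline runs.
sample_ime_list() {
    printf '%s\n' com.example.cloudkeys/.CloudKeysIme org.example.offlinekeys/.OfflineIme
}
sample_dumpsys() {   # $1 = package name
    echo "    requested permissions:"
    [ "$1" = com.example.cloudkeys ] && echo "      android.permission.INTERNET"
    echo "      android.permission.VIBRATE"
    echo "    install permissions:"
    echo "      android.permission.VIBRATE: granted=true"
}

# Print "NETWORK <pkg>" or "OFFLINE <pkg>"; $1 lists IME ids, $2 dumps a package.
audit() {
    "$1" | ime_packages | while read -r pkg; do
        # </dev/null keeps adb from swallowing the rest of the package list
        if "$2" "$pkg" </dev/null | requests_internet; then
            echo "NETWORK $pkg"
        else
            echo "OFFLINE $pkg"
        fi
    done
}

# Live device wrappers (need adb and a phone with USB debugging enabled).
device_ime_list() { adb shell ime list -s; }
device_dumpsys()  { adb shell dumpsys package "$1"; }

# Default: constructed sample. Pass --device to audit a connected phone.
case "${1:-}" in
    --device) audit device_ime_list device_dumpsys ;;
    *)        audit sample_ime_list sample_dumpsys ;;
esac
```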

The platforms draw the lines differently:

The structural point

Permission prompts govern what an app may do at its worst moment, not what it does on an average day. A keyboard vendor's privacy policy can change after acquisition, and the app in your keyboard slot updates silently. You are trusting a supply chain, and every future owner of it, with your keystrokes.

When it has gone wrong

This is not a hypothetical risk profile. The keyboard category has a documented history of failures across every failure mode you would predict.

In December 2017, security researchers at Kromtech found a publicly exposed database belonging to ai.type, a popular Android keyboard. It contained personal data on more than 31 million users: names, phone numbers, locations, and in some records the contents of contact lists. The data existed on a server at all because the keyboard uploaded it. Two years later, the mobile security firm Upstream reported that ai.type was making unauthorized premium purchase attempts from users' devices.

In 2016, Microsoft's SwiftKey suspended its cloud sync service after users reported seeing strangers' email addresses appear in their own prediction suggestions: a cross-contamination bug in the personalization pipeline. In 2017, AdGuard researchers reported that GO Keyboard, with tens of millions of installs, transmitted personal data to remote servers and downloaded executable code at runtime, in violation of Play Store policy. And in 2015, a flaw in the keyboard preinstalled on Samsung devices (CVE-2015-2865) allowed an attacker in a network position to inject code through unencrypted keyboard language-pack updates.

Four different vendors, four different failure modes: deliberate over-collection, cloud sync leakage, covert behavior, and an insecure update channel. The common factor is the position of the component, not any one company's ethics.

Predictions are a keystroke database

Even a well-behaved cloud keyboard creates a second copy of your writing patterns. Personalized prediction works by building a model of what you type: names, addresses, recurring phrases, private vocabulary. When that model syncs across devices, your typing history lives server-side under whatever retention policy the vendor operates. It becomes one more database that can be breached, subpoenaed, or repurposed, joining the pattern we describe in the free apps privacy problem: when a free product needs revenue, accumulated user data is where it looks.

Your typing rhythm itself is also identifying. The timing between keystrokes is distinctive enough to fingerprint individuals, a technique covered in our post on keystroke dynamics. A keyboard is the one app that observes this signal continuously and everywhere.

Choosing sanely

The good news is that this is one of the few privacy problems with clean, low-effort fixes.

The keyboard test

A useful habit when evaluating any app: ask what the app is in a position to see, rather than what it promises to do. For most apps the answer is bounded. For a keyboard the answer is everything you type, which means the bar for adding one should be correspondingly high. A keyboard earns its place on your phone the same way any component earns a place in a secure system: by needing the least trust, not by asking for the most.
