Is your phone’s keyboard compromising your privacy?

You wouldn’t think a smartphone keyboard could impact your digital privacy. But this is actually the case. Powered by machine learning, many smartphone keyboards apps send back samples of what you type to the company that owns them. Here to help you stay in control of what data you’re handing over, we’ve created this guide detailed the most common smartphone keyboard’s data retention policies.

Modern smartphone keyboards really are smart, even if some of us miss the days of physical keyboards or even T9 texting on a feature phone number pad. However, many of them send back samples of what you type (and speak, in the case of voice recognition “keyboards”) to their developer to improve accuracy, auto-correct choices, and predictive word or phase suggestions for auto-completion.

That’s fine if you don’t mind contributing to Google or Microsoft’s pool of data (and potentially having snippets of your messages seen or heard by a third-party contractor working on behalf of those companies).

But some phone keyboards like SwiftKey have previously leaked data include email addresses to other users in autocomplete suggestions, while the Kika Keyboard app was caught engaging in advertising credit fraud. The most egregious leaks and privacy violations get dealt with once revealed, but it doesn’t speak well to the trustworthiness of major tech firms when it comes to your private communication.

And if privacy is matter of personal safety, a leaky keyboard can be exploited by bad actors and hostile governments to render the encryption of even the most secure messaging apps irrelevant.

Open-source keyboards don’t have such unexpected little surprises built into them, as their code available to be publicly examined and audited by any interested party, but don’t have the same features as their more intrusive counterparts.

Whether you prefer privacy or value the extra quality-of-life features that that come with more intrusive apps that use human contributors and machine learning to improve their predictive text suggestions, it’s important to know the reputation and security habits of the keyboard app you use and company behind it.

iOS keyboard

This is a closed source keyboard. The default iOS keyboard Shares information with Apple if Share iPhone Analytics is enabled. With data collection enabled, it uses “differential privacy” (PDF link) to add “statistical noise” to the data it sends back for analysis, intended to make it harder to identify you from the snippets that go back to Apple for analysis.

Gboard (default Android keyboard)

This is closed source and available for Android and iOS. The standard Google keyboard allows entry via tapping, swiping your finger between letters and voice typing. It’s great to use, but sends snippets of your input back to Google by default.

You can disable this by accessing the virtual keyboard’s advanced settings via the Languages & input menu on Android, and disabling Advanced usage statistics, personalisations, and the “Improve voice and typing for everyone” option. IOS users should go to their keyboards settings and turn off the “Allow Full Access” option.

Microsoft Swiftkey

A closed source keyboard that’s very popular. It’s a swiping or “gliding” keyboard for Android and iOS, SwiftKey was bought by Microsoft in 2016. It collects data to improve its predictive features by defaults. Unlike many of its most popular rivals, SwiftKey provides an extensive guide to disabling and managing data collection and word prediction.

Grammarly Keyboard

This is also a closed source product. The entire point of Grammarly is that it carries out extensive analysis of user input in order to help you make your use of language more correct and elegant. Grammarly is very clear about what data it collects on iOS and in general, but the only way to stop it from collecting sample data from your writing is to disable it.

OpenBoard

A fully open source keyboard, OpenBoard is only available for Android, but it’s my go-to choice for phone typing. It doesn’t collect or share you data with anyone, and supports all the languages I use, but you’re restricted to screen tapping, as there’s no swipe typing feature.

You can get it on both the Google Play store and on the open source F-Droid repository, so devices running de-Googleized operating systems descended from Android can also use it.