Question about keyboard

Teursu144 considering apps, even without internet access, can still communicate with each other (and by this access the internet). I personaly would not take the risk, and just use some other keyboard.

But this is just speculation bascially.

Its probably fine to use like this if your threat model is not that high

dhhdjbd it should be noted that GBoard is most certainly designed to talk to Play Services. If Play Services is installed in the same user profile, GBoard data will likely be sent through that, if it has network access.

Does anyone have any evidence that Gboard does not respect its privacy toggles for disabling data collection?

Its probably fine to use like this if your threat model is not that high

Personally, I don't consider my threat model to be "high". But still I would consider it highly invasive to my privacy if an app collected all my typing data and sent it off to the internet. If that data was published anywhere for other people to see, I imagine I would feel considerably nervous.

I have yet to see any evidence that Gboard does not respect its privacy toggles. Happy to be proven wrong though.

fid02 perhaps it respects that particular toggle which is useless when it works in conjunction with Play services which aid IPC and cookie, identifier and other data collection. Check out work of Doug Leith.

https://www.scss.tcd.ie/Doug.Leith/google_play_services.php

DeletedUser227 Can't see that that source says anything about data collection when Gboard's privacy settings are set to not send data.

Speculating about data extraction through IPC is nothing more than speculation.

fid02 the fact remains that IPC exists and metadata is also data, sometimes contextually more important than actual data which is by default protected by app sandbox and permission control.

When weighing options within security and privacy scopes, I would always choose the better option, unless their objectives clash. Then I would always choose privacy first. There are always alternatives. I already use GrapheneOS hardening to maximum reasonable effect.

Last but not least, remember that Google ecosystem was not developed with your best interests at heart but theirs and only theirs so for that purpose you don't always need to run to their defense, they don't need it and they tirelessly work on new methods of implementing tracking technologies that would, surprise, work to their advantage.

This thread basically does discuss this already

https://discuss.grapheneos.org/d/12062-can-sandboxed-google-play-services-collect-data-from-gboard/29

And again I think some people seem to reason that:

Thing X is technically possible.
Company Y is generally known for collecting usage data on their users.
Therefore, company Y is doing thing X to collect sensitive data from app Z without consent.

Last but not least, remember that Google ecosystem was not developed with your best interests at heart but theirs and only theirs so for that purpose you don't always need to run to their defense, they don't need it and they tirelessly work on new methods of implementing tracking technologies that would, surprise, work to their advantage.

I'm not surprised that my question about evidence of data collection from a Google app is taken as me somehow "defending" Google. My general impression is that posters in online privacy communities are rarely interested in engaging in nuanced discussion, or to reflect on whether their beliefs are grounded in evidence. This community is usually, sometimes, an exception.

Clearly lots of users here are concerned about Google acting like some kind of malware distributor by distributing an app harvesting data even when the option to opt in is disabled. There are many past posts in this forum expressing this concern. But has anyone actually tried to MITM Gboard's connections to check what data it's sending when the data collection options are disabled? Is there any concrete evidence on this subject at all? Or even concrete indications?