Possibility of adding the Bépo keyboard?

[deleted]

Please note: The "Apps (app repo client)" tag is for when the GrapheneOS App repository is being discussed hence the tag's title.

Stewart

Yes, I saw, I have a mistake.

I hope the GraphenOS team will consider my request anyway.

[deleted]

Stewart I'd say unlikely judging by keyboard related chatter on Twitter.

Stewart

Ah yes, it's clearly not a priority, I thought the AOSP keyboard was final, I didn't think the team was aiming to replace it.

Anyway, thanks for the reply.

TranceSeven

Stewart Currently, to use the Bépo keyboard, I have to use a third-party application (OpenBoard), but it hasn't been updated since 2022, which can pose security problems.

There's a fork of OpenBoard (https://github.com/Helium314/openboard) that has had many updates. Maybe this will be useful to you.

Stewart

TranceSeven

Great, I didn't know there was a fork of the app, I thought it was discontinued, thanks.

Ammako

TranceSeven This fork is actually worse as far as security concerns go, given that they let the app load arbitrary libraries for glide typing (huge security hole, if you download a library that turns out to be malicious...)

You probably dont even need to download a malicious library either; if the code ever has vulnerabilities and some other exploit elsewhere on the device is able to gain access to this, it could force a malicious library in to allow an attacker to do things that exploit protections may have otherwise prevented.

bayerelm

Stewart Currently, to use the Bépo keyboard, I have to use a third-party application (OpenBoard), but it hasn't been updated since 2022, which can pose security problems.

Genuine question: is that an actual concern for a keyboard? I understand this argument for most apps, especially if they can access the internet, but that's not the case here.
I use openboard as my primary keyboard and love it. Should I stop and go back to the default one?

Stewart

bayerelm` Genuine question: is that an actual concern for a keyboard? I understand this argument for most apps, especially if they can access the internet, but that's not the case here.
I use openboard as my primary keyboard and love it. Should I stop and go back to the default one?

The application has finally been updated (https://github.com/Helium314/openboard).
I think (this is just my opinion) that any application, whether connected to the Internet or not, needs to be updated to avoid software and hardware security flaws, even if the risk is very low.

rarelyrare

On the topic of using a custom keyboard. I stopped using a custom keyboard because it would freeze on my pixel 7. I don't know if device ram ran out or what but it wpuld always freeze the custom keyboard and I would have to force stop it and reopen it like once every few days. So I just fully switched to the main aosp keyboard and never freezes.

fl1pper

Ammako If you get an exploit that gets access to that kind of stuff, it can already do a lot of bad things even without injecting such libraries...

TranceSeven

Agreed. They even show a warning at the time of selecting the library location.