Some Android phones come out of the box with the TouchPal keyboard (which for the record is also available for iOS). The cool thing about this keyboard is that it allows for quick and easy typing and ease of entry of Emojis. Plus it allows for the usage of languages such as Chinese and Arabic among many others. The not so cool thing is that while it is a free keyboard, it has an ad based model. In other words, ads display as you use the keyboard and even on the lock screen. HTC got blasted by users for this recently as their phones come with the TouchPal keyboard. But this isn’t a new issue as blogger Dan Levy noted when he reviewed the ZTE Axon back in 2016. He also noted the fact that when he reached out to TouchPal on Twitter, their response to is query as to why there were ads was to say that they had to make money somehow. Seriously, they did say that and he has the screenshots to prove it.
#PRFail
Here’s the biggest problem with the whole TouchPal ad issue. I think it’s one thing if you choose to download a “free” keyboard that is ad supported. After all, Google Play tends to warn you about that sort of thing and you’re making a choice to use a product that is ad supported. But when it comes bundled with a smartphone that I just paid a lot of money for, I think you should have a reasonable expectation to get something that is ad free. After all, why should I be effectively paying a smartphone vendor to display ads on my brand new smartphone? That doesn’t make a whole lot of sense to me.
As a result, you may be thinking that you want to ditch this keyboard if you either installed it from your favorite app store, or you got it with whatever Android phone you have. The question is, what are good replacement keyboard options? I’ve complied four very replacement options for your perusal:
Google Keyboard: The best option for Android uses may be to simply use the Google Keyboard which is also free. The Google Keyboard has gesture typing, a learning dictionary that saves words you introduce to it, text expansion built-in, personalized predictive text based on your typing habits, speech-to-text features, and support for 120 languages.
SwiftKey: SwiftKey uses Artificial Intelligence to automatically learn your writing style, including the emoji you love to use (if you use emoji), the words that matter to you and how you like to type. That means autocorrect and predictive text that actually works because it adapts to you. It supports a large number of languages as well. It’s also free without relying on ads.
Swype: This was the original swipe-to-type/gesture-typing keyboard, and it still comes on a number of Android headsets by default. It supports a ton of languages and gets high praise from Android users. The company does have free and paid options. But the paid option is beyond cheap being under $2 so I would seriously recommend going that route.
Fleksy: It’s a minimalist keyboard with insanely great accuracy, high customization, and support for 47 languages. This is a keyboard that is designed for tap-typists, not people who love or are used to gesture-typing. If that’s you, the $5 that this app is worth is money well spent.
Are there other Android keyboards that you would recommend? Please leave a comment below and share your thoughts.
UPDATE: I got a Twitter direct message from Dan Levy pointing out that TouchPal is capable of taking over your lock screen and serving up ads even if this isn’t your default keyboard. He pointed me to a thread on Android Central that discusses how to disable this “feature.”
UPDATE #2: ZTE reached out to me to say the following:
The version of TouchPal’s keyboard that is pre-installed on ZTE devices does not contain or display advertisements. Users will only see ads in the TouchPal theme store if they install/update to the Google Play version of TouchPal. The two versions are different, with the Google Play version being ad-supported. Of course, users are also free to install other keyboards on any ZTE device
Hackers Claim They Can Pwn Apple Pay Via WiFi
Posted in Commentary with tags Apple on July 28, 2017 by itnerdThis week in Las Vegas is the Black Hat conference. This of course is the conference where hackers of all descriptions will show up to show off security related research and show how to pwn everything. Case in point is research by Positive Technologies that The Register is reporting on where they have two attack vectors for Apple Pay. The first one requires malware to be injected into a jailbroken device. Thus illustrating why you should never jailbreak a device. But the second attack vector does not require a jailbroken device and utilizes WiFi:
The first step in the second attack is for hackers to steal the payment token from a [targeted] victim’s phone. To do that, they will use public Wi‑Fi, or offer their own ‘fake’ Wi‑Fi hotspot, and request users create a profile. From this point they can steal the ApplePay cryptogram [the key to encrypting the data].
Apple states that the cryptogram should only be used once. However, merchants and payment gateways are often set up to allow cryptograms to be used more than once.
As the delivery information is sent in cleartext, without checking its integrity, hackers can use an intercepted cryptogram to make subsequent payments on the same website, with the victim charged for these transactions.
Take home message. Don’t use WiFi when you use Apple Pay. But even if you don’t use WiFi, you have to wonder how long it will be before hackers figure out how to pull off an attack like this over a cellular network. If that is in the works, they better hurry because the researchers informed Apple about these attack vectors. Which means that Apple is likely working on a fix. Though, there might be a problem with that:
Fixing the issue will require action from all points in the chain, including the banking merchants, payment gateways, and card issuers, the security firm claimed.
We’ll see if Apple gets that co-operation to close this attack vector.
Leave a comment »