The only app I can’t live without. Except for gboard, all of my applications are Foss. There is no competition for gboard’s swipe typing, not to mention its many capabilities like as searching for gifs, stickers, being able to paste copied images, translating, and so on. I’d like to know how I can use gboard while maintaining my privacy. According to what I’ve heard, it sends all typing data to Google’s server. If you ask me, that’s a massive no-no. Do you have any suggestions?
OpenBoard, Florisboard, AnySoftKeyboard
THERE ARE ALTERNATIVES, PEOPLE!
I installed all three.
OpenBoard has no swiping support at all.
AnySoftKeyboard is glitchy, moving the cursor around unexpectedly and inserting spurious characters.
FlorisBoard’s swiping is very inaccurate, to the point that it’s barely faster than typing characters one-by-one.
I hope this situation improves soon…
Well uhhh, kinda late, but the “original” openboard project hasn’t got an update in like, 12 months. There are forks, though.
Fork with glide typing - Haven’t received an update in 11 months https://github.com/erkserkserks/openboard
“New” fork: https://github.com/Helium314/openboard
Good to hear. Hopefully at least one of these forks lands in F-Droid soon.
this
Give OpenBoard with gesture typing a shot. No gifs and stuff, but gesture typing works together with suggestions, unlike either base OB or Floris. Someone casually mentioned it a few weeks ago and damn how much my life changed.
I’m so thrilled right now! I’m already typing this reply on OpenBoard and I’m loving it.
Gboard was also a big hurdle to my need to degoogle my phone. But not anymore!
Thank you so much. You’ve brighten my day. I’m both happy for knowing this and for finding about it on the fediverse.
BTW that still uses Google’s proprietary gesture typing library internally: https://github.com/wordmage/openboard/commit/46fdf2b550035ca69299ce312fa158e7ade36967
There’s still no good FOSS alternative to Google’s library though so it is what it is.
Thanks! The only thing I don’t like is that I can’t have arrow keys. It’s immediately better than SwiftKey for sure, so I’ll adjust.
You can use swiping on the space bar to move left and right at least.
AnySoftKeyboard has arrow keys and more gestures, but it’s not as refined overall imo.
Floris Board has gestures to move around IIRC, but not at the same time as gesture typing, and is lacking word suggestions.
Awesome! Using space to go left and right is good enough for me!
Thanks a ton for that. I got to really liking OpenBoard since I started using it.
F-Droid has a lot of security issues(if you care about security), use Neo Store if you want access to F-Droid apps with a more secure app.
EDIT: Even better to use Obtainium and add the links of the APP’s own Github/GitLab repo to it.
A tempting idea would be to compare F-Droid to the desktop Linux model where users trust their distribution maintainers out-of-the-box (this can be sane if you’re already trusting the OS anyway), but the desktop platform is intrinsically chaotic and heterogeneous for better and for worse. It really shouldn’t be compared to the Android platform in any way.
This is, quite frankly, borderline misinformation. Malicious packages in Linux distributions are unheard of. Malicious apps in the allegedly-more-secure Google Play, on the other hand, are a dime a dozen.
The downplaying of the importance of reproducible builds further diminishes my opinion of this piece.
I’m going to go ahead and continue using F-Droid, thanks.
What exactly are you trying to point out ?
From your quote: “It really shouldn’t be compared to the Android platform in any way.”
And where exactly does it downplay reproducible builds ? “reproducible builds are not as common as we would have wanted.”
“I’m going to go ahead and continue using F-Droid, thanks.” Good friend, do whatever it is you want to do.
I’m just trying to spread security awareness.
EDIT: “Saying Play Store is filled with malicious apps is beyond the point: the false sense of security is a real issue. Users should not think of the F-Droid main repository as free of malicious apps, yet unfortunately many are inclined to believe this.”
From your quote: “It really shouldn’t be compared to the Android platform in any way.”
I quoted that because it’s part of the borderline misinformation. Security is security. Malware is malware. Android isn’t magical and neither is desktop Linux. They absolutely can be meaningfully compared.
And where exactly does it downplay reproducible builds ? “reproducible builds are not as common as we would have wanted.”
Ah, you’re right. I misread that part, sorry.
I’m just trying to spread security awareness.
So am I. I’m an ornery old Linux nerd and security snob. I’d excise all proprietary software from my home and office if I could, precisely because it has such an appalling track record and the blatantly unnecessary attack surfaces of DRM and telemetry.
Can F-Droid be more secure than it is? Sure. Do the issues described in this paper mean F-Droid is so rampantly insecure that even Play is safer? Absolutely not.
By the way, I’m not sure I understand how Neo Store is supposed to be more secure, as it’s supposedly just an alternative UI for F-Droid. As for Obtainium, it’ll protect you from malfeasance or compromise on the part of the F-Droid repository, but it won’t protect you from malicious app developers, and unless I’m mistaken, the latter is a much more common threat.
“I quoted that because it’s part of the borderline misinformation. Security is security. Malware is malware. Android isn’t magical and neither is desktop Linux. They absolutely can be meaningfully compared.”
That’s why the author said it’s tempting. You cannot compare desktop Linux to Android. Android is light-years ahead in terms of security than desktop Linux will ever be.
If you install Debian on your machine then that means you trust the Debian developers. If you trust the Debian developers then that means that you trust their repositories. The same cannot be said about Android. If you, for example, install GrapheneOS you’re trusting the graphene developers for the OS and the individual developers for their individual apps you install on your phone.
On Android a compromised user doesn’t have root, on ordinary Linux desktops, a compromised non-root user with access to sudo is equal to a full root compromise. On a Linux desktop with Xorg you can easily keylog everything with one malicious app(that app automatically gets these permissions without prompting you), with modern Android that’s not even an option(you’d need to accept all of these invasive permissions yourself, unless the app has a zero day that can bypass permissions).
The list goes on and on and on. You can read more here
“Ah, you’re right. I misread that part, sorry.”
No biggie :D
“By the way, I’m not sure I understand how Neo Store is supposed to be more secure, as it’s supposedly just an alternative UI for F-Droid.”
Neo store has the highest target SDK currently so it can use security and privacy APIs that Android provides with each new version. That alone is one of the biggest reasons to use neo store over native F-Droid. It shows you the target SDK, permissions (Way more understandable than whatever F-Droid does) & trackers for the apps you want to install. So you can make a more informed decision if you want that app installed.
“As for Obtainium, it’ll protect you from malfeasance or compromise on the part of the F-Droid repository, but it won’t protect you from malicious app developers, and unless I’m mistaken, the latter is a much more common threat.”
You are adding more attack surface when using F-Droid, but when using Obtainium, you have one less attack surface. Instead of worrying about malicious F-Droid developers and malicious app developers, you only worry about the latter. Malicious app developers can still publish to F-Droid without F-Droid getting compromised.
Any chance u can explain how Neo Store is more secure?
iirc fdroid utilizes very old api which is problematic as newer api gets newer security features droidify and neostore both are more modern
Neo Store can enable automatic updates for apps downloaded from F-Droid.
And how does that make it more secure?
I don’t think it would make F-Droid itself more secure, but it’s best to get possible security updates for apps sooner with auto-updates.
There’s a fork of OpenBoard with swipe typing at https://github.com/erkserkserks/openboard
I’ve found this to be better than any of the alternatives.
I use the same, it’s just openboard + the propetary swipe lib
A lot oft ROMs allow you go completely disable Internet access for a certain app. Disabling the data collection toggles in GBoard and disabling internet access for GBoard, Play Services, Play Store and the Google App should prevent most logging.
Does Lineage allow this? It’s the rom I’m considering for my Galaxy Note 10
Sorry for the late reply but yes, this works on Lineage, one of the reasons I’m using it!
If you’re on calyxos, grapheneos, or lineageos you can disable network permisions for that app. If not, use netguard as a firewall and block it.
I dropped gboard and started using FlorisBoard. It’s a lot more crude and don’t have the same features, but I’m very happy with it and will not go back.
I preffer my privacy over features, and using the software and reporting feedback helps it betting better.
We really need to ditch Google.
I use the AOSP keyboard with this magisk module.
I use SwiftKey with internet access turned off. Works well enough though obviously the gif and stickers won’t work.
I don’t know how much of a difference it makes in terms of Gboard phoning home, but you can disable a bunch of data sharing options in the Privacy section of Gboard’s settings:
FOSS is not just about privacy! Freedom is that important reason you should care about. FlorisBoard is my suggestion for you.
Used FlorisBoard for a good while, it’s the perfect replacement imo. I don’t remember exactly but there was a certain feature missing for me so I uninstalled it but it may have been implemented by now.
I checked every keyboard on F-Droid, Floris is the best keyboard you can find now.
Well outside of F-droid (for some reason) is OpenBoard with gesture typing
I only trust F-Droid and I don’t install any apps from outside of it!
Yesterday I installed Grapheneos so I’ve swapped to florisboard. Not bad but it’s very specific on where you swipe using gestures. I’m slowly getting used to it but gboard was a lot more forgiving.
Why Gboard is better at gestures? That’s because it tracks you.
Badum tssss :D
I use OpenBoard from F-Droid.
I use a fork of OpenBoard with Swipe Typing libraries added to it.
Any idea why that isn’t in F-Droid?
I’m not sure, that’s a question for the Dev.
Some of the reason may be the hastle of rebranding, having two Openboards would be confusing so the fork would need to change names and icons and such. Some of it is also be this is for personal use, and we happen to find it, so they may not be interested in the expectation of maintaining it beyond their own useage. Some of it may be this is good enough, Openboard’s release cycle is pretty slow so the fork doesn’t need to be updated and released often, so an APK on Github downloaded twice a year is good enohgh for them.
I hate Gboard. So I use SwiftKey which is the best one.
What’s wrong with this?
I’ve been using it for a couple weeks, and it’s a lot slower than gboard. No swiping support, suggestions aren’t as refined, and basically impossible to use one handed.
It does have swiping though. It’s ripped straight put of gboard.
The version I’m using (from f-droid repo) does not have swiping. You might have a fork? Someone mentioned that elsewhere in the comments, I was not aware it existed.
I use it without giving network permission
Network permission? How did you disable network access?
Settings -> Apps -> All Apps -> Gboard -> Permission -> Network -> Don’t allow
Network isn’t listed as a permission used or requested or denied to this app. Using Samsung S22.
It’s a custom rom thing, when you never use stock roms you tend to forget what’s stock and what’s not.
Very annyoing that stock android doesn’t have this feature.
I’m using exclusively custom roms for years now.
My bad
