Orca 🌻 | 🎀 | 🪁 | 🏴🏳️⚧️<p><span>虽然很多人应该已经知道了:<br>手机上的搜狗输入法会给服务器发送手机上安装的所有应用的列表(当然也包括你安装的:Telegram,Signal,Element,Shadowsocks等)。<br><br>来自公民实验室的报告:</span></p><blockquote><span>As one other example of the kind of transmitted data vulnerable to this attack, we observed that for EncryptWall requests sent to </span><code>http://v2.get.sogou.com/q</code><span>, when “U” was </span><code>http://update.ping.android.shouji.sogou.com/update.gif</code><span>, </span><b><span>“P” was a query string containing a list of every app installed on the Android device</span></b><span>. We are unaware of what feature this data transmission is intended to implement. While one can imagine knowing which app a user is presently using may be useful for providing better typing suggestions in that app, it is difficult to imagine how knowing every app that a user has installed can provide better typing suggestions, even apps which users do not intend to use with Sogou Input Method.</span></blockquote><a href="https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/" rel="nofollow noopener noreferrer" target="_blank">https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/</a><span><br><br></span><a href="https://nya.one/tags/搜狗输入法" rel="nofollow noopener noreferrer" target="_blank">#搜狗输入法</a><span> </span><a href="https://nya.one/tags/隐私" rel="nofollow noopener noreferrer" target="_blank">#隐私</a><span> </span><a href="https://nya.one/tags/安全" rel="nofollow noopener noreferrer" target="_blank">#安全</a><p></p>