-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
qml: use in-app virtual keyboard for entering seed? unclear if system keyboard is safe. #8256
Comments
Qt can set hints for the virtual keyboard, see
This is passed to android and eventually to the virtual keyboard implementation. I don't know if or how it is enforced. |
from the Qt docs:
I don't think that ensures that the keyboard will not misbehave. |
Instead of implementing our own in-app keyboard, there's also the Qt Virtual Keyboard, which if I understand it correctly is pure-Qt and doesn't use the android virtual keyboard. Pros:
Cons:
|
We only really need the Latin alphabet (26 chars), space and backspace. We don't need fancy features.
It is a pity we can't restrict it to the seed-entry screen :/ I think for general-purpose textedits, users would normally expect to use the system keyboard they are used to. |
fixed in #8275 |
I think we should use an in-app virtual keyboard on the seed-entry screen on Android, in the qml app.
kivy did the same.
At the very least I want a discussion to take place about this, hence this issue :)
pics
The user might have installed any kind of custom keyboard app (swiftkey/etc), that might exfiltrate entered text either accidentally or maliciously. In general I don't think we can trust the external keyboard app for this.
Alternatively, I wonder if there are flags we can set for Android so that it brings up some trusted barebones default keyboard.
Relatedly, when testing on Android using a keyboard app that has "predictive text" features, I see that on most text fields such as setting a tx label or naming a wallet file the keyboard has predictive text enabled, but on the seed-entry screen the keyboard seems to have predictive text disabled (which is promising). I am curious, how exactly does this work / where is it set?
Re what other wallets are doing, e.g.
Phoenix uses a virtual keyboard,
but bluewallet and SBW use the system keyboard.
The text was updated successfully, but these errors were encountered: