oversecio/oversec

OnKeyPress vulnerability

DevNaNuvem opened this issue · 2 comments

Hello, first of all thank you for this incredible app. This is just awesome.

I have a matter for you. Since it uses the application text field for typing, wouldn't it be vulnerable to "OnKeyPress()" logging that can be performed by the target application?

I believe a floating text field above the target application's text field would solve that. Is that possible?

Again, thank you for this amazing idea!!! Really, I am ecstatic about this concept!!

You are right, and it's not only "onKeyPress" but, in theory, the target app could read the complete unencrypted text out of the input text field just before the encryption happens.

Unfortunately this can't just be solved by a "floating text field": in order for such a text field to be connected to an on-screen keyboard, it would have to reside in a regular app, not just an overlay. So the solution would be a floating text field and a custom floating keyboard - but that would really be overkill for me atm.

Would developing an on-screen keyboard that only populates the text fields after encryption work? I mean, is it possible to integrate the encryption with a personalized on-screen keyboard?