[jstanley]

> Doesn't the CCP already have its nose in all of the manufacturers' OSes already?

What specifically are you saying here? Are you suggesting that every Chinese person's phone is sending off their keyboard inputs to the Chinese government even if they don't use a compromised IME? Because if not, then yes it matters whether or not your IME is compromised. Otherwise your position is just "the phone might be compromised in ways I don't know, so I won't even bother fixing the ways I do know".

[solarkraft]

> Are you suggesting that every Chinese person's phone is sending off their keyboard inputs to the Chinese government even if they don't use a compromised IME?

Yes.

You have a point about the rest, though, especially when it comes to more secure systems.

[beervirus]

I would assume that any phone purchased in China is compromised by the CCP.

[jstanley]

In what way though? Are you arguing that people should just ignore security vulnerabilities that they are aware of, on the basis that you think there might be some vulnerabilities that they're not aware of?

[esrauch]

The linked paper literally just says "(assume the default IME app does not have these problems)" in it without justification.

This thirdparty IME concern seem really more relevant for e.g. Japan being worried about it's citizens using a compromised Baidu IME instead of a more trustworthy preinstalled Japanese one. All IMEs all can be keyloggers and the Chinese government can necessarily access Baidu data, and any smaller Chinese IMEs will be outside the auditing and enforcement jurisdiction of the Japanese government.

If you're inside China using the preinstalled OnePlus IME that "untrustworthy supposition" just already holds to the preinstalled one, and there's little reason to believe at least some of these third party IMEs are more likely to be compromised than the preinstalled one instead of less likely.